CVE-2022-31173
HIGH 7.5
Description
Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually.
CVE details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 8/1/2022
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
juniper_project:juniper
Weaknesses (CWE)
CWE-400, CWE-674
References
https://github.com/graphql-rust/juniper/blob/juniper-v0.15.10/juniper/CHANGELOG.md#01510-2022-07-28 (security-advisories@github.com)
https://github.com/graphql-rust/juniper/commit/2b609ee057be950e3454b69fadc431d120e407bb (security-advisories@github.com)
https://github.com/graphql-rust/juniper/commit/8d28cdba6eb10f53490ba41d1b5cb40506c2de22 (security-advisories@github.com)
https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.