Vulnerability Description
graphql-java before 19.0 is vulnerable to Denial of Service: an attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, the backports 18.3 and 17.4, and the snapshot build 0.0.0-2022-07-26T05-45-04-226aabd9.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Graphql-Java Project | Graphql-Java | < 17.4; 18.0 to 18.2 (fixed in 17.4, 18.3, and 19.0 and later) |
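As an added example, not part of this advisory or of the graphql-java project, the following Python check applies the fixed-version list from the description to a version string and to lines in the shape of `mvn dependency:tree` output. It reports a version as affected when it is below the first fixed release of its branch (17.4 on 17.x, 18.3 on 18.x, 19.0 elsewhere) rather than using the single "< 17.4" cut-off in the table. The Maven coordinates `com.graphql-java:graphql-java`, the sample tree lines, and the conservative treatment of pre-release qualifiers (a `19.0-SNAPSHOT` is reported as affected) are assumptions of the example.

```python
"""Decide whether a graphql-java version is affected by CVE-2022-37734.

Fixed versions named in the advisory: 19.0 and later, 18.3, 17.4 and the
snapshot build 0.0.0-2022-07-26T05-45-04-226aabd9.  Every other release
before 19.0 is treated as affected.
"""
import re

# Snapshot build the advisory lists as fixed.
FIXED_SNAPSHOT = "0.0.0-2022-07-26T05-45-04-226aabd9"

# First fixed release on the two maintenance branches that got a backport;
# every other branch is only fixed from 19.0 onwards.
BACKPORT_FIXES = {17: (17, 4), 18: (18, 3)}
FIRST_FIXED_RELEASE = (19, 0)

# Assumed Maven coordinates (groupId:artifactId) as printed by
# `mvn dependency:tree`; the artifact name is anchored by the ":jar:" that
# follows it so that e.g. graphql-java-extended-scalars does not match.
DEP_LINE = re.compile(r"com\.graphql-java:graphql-java:jar:([^:\s]+)")


def parse_version(version: str):
    """Split 'major.minor[.patch][-qualifier]' into ((major, minor), qualifier)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.\d+)?(?:[-+.](.*))?", version)
    if not m:
        raise ValueError(f"unrecognised graphql-java version: {version!r}")
    return (int(m.group(1)), int(m.group(2))), (m.group(3) or "")


def is_affected(version: str) -> bool:
    """True if this version is inside the affected range of CVE-2022-37734."""
    if version == FIXED_SNAPSHOT:
        return False
    (major, minor), qualifier = parse_version(version)
    fixed_at = BACKPORT_FIXES.get(major, FIRST_FIXED_RELEASE)
    if (major, minor) < fixed_at:
        return True
    # Assumption: a pre-release of the first fixed version (e.g. 19.0-SNAPSHOT)
    # precedes the fix, so it is reported as affected to stay conservative.
    return (major, minor) == fixed_at and bool(qualifier)


def scan_dependency_tree(text: str):
    """Return (version, affected) for every graphql-java artifact in the text."""
    findings = []
    for line in text.splitlines():
        m = DEP_LINE.search(line)
        if m:
            findings.append((m.group(1), is_affected(m.group(1))))
    return findings


# Constructed sample in the shape of `mvn dependency:tree` output, not real
# project output.  Only the second line names the vulnerable artifact.
SAMPLE_TREE = """\
[INFO] com.example:shop-api:jar:1.0.0
[INFO] +- com.graphql-java:graphql-java:jar:18.2:compile
[INFO] |  \\- com.graphql-java:java-dataloader:jar:3.1.0:compile
[INFO] \\- com.graphql-java:graphql-java-extended-scalars:jar:18.1:compile
"""

if __name__ == "__main__":
    for version, affected in scan_dependency_tree(SAMPLE_TREE):
        status = "AFFECTED" if affected else "fixed"
        print(f"graphql-java {version}: {status}")
```

Run it as a script to scan the embedded sample, or feed `scan_dependency_tree` the captured output of `mvn dependency:tree` from a real build; on the sample it flags 18.2 as affected and ignores the sibling artifacts under the same groupId.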
References
- https://github.com/graphql-java/graphql-java/discussions/2958 (Patch, Third Party Advisory)
- https://github.com/graphql-java/graphql-java/issues/2888 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/graphql-java/graphql-java/pull/2892 (Exploit, Patch, Third Party Advisory)
- https://github.com/graphql-java/graphql-java/releases (Release Notes, Third Party Advisory)
FAQ
What is CVE-2022-37734?
CVE-2022-37734 is a vulnerability with a CVSS score of 7.5 (HIGH). graphql-java before 19.0 is vulnerable to Denial of Service: an attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, 17.4, and the snapshot build 0.0.0-2022-07-26T05-45-04-226aabd9.
How severe is CVE-2022-37734?
CVE-2022-37734 has been rated HIGH with a CVSS base score of 7.5/10. This page lists the base score and rating only, not the individual CVSS metrics.
Is there a patch for CVE-2022-37734?
Yes. The description above names the fixed releases: 17.4 on the 17.x branch, 18.3 on the 18.x branch, and 19.0 or later. See the references section for the upstream issue, pull request and release notes. Affected products include: Graphql-Java Project Graphql-Java.