Home > Vulnerability Database > CVE-2023-49559

Mend.io Vulnerability Database

CVE-2023-49559

Good to know:

Date: June 11, 2024

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.

Language: Go

Severity Score

3.7

Related Resources (8)

Url: https://github.com/vektah/gqlparser

Url: https://github.com/vektah/gqlparser/commit/36a3658873bf5a107f42488dfc392949cdd02977

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-49559

Url: https://github.com/99designs/gqlgen/issues/3118

Url: https://github.com/vektah/gqlparser/blob/master/parser/query.go#L316

Url: https://gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1

Url: https://github.com/advisories/GHSA-2hmf-46v7-v6fx

Url: https://www.mend.io/vulnerability-database/CVE-2023-49559

Severity Score

3.7

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version github.com/vektah/gqlparser/v2 - v2.5.14;github.com/vektah/gqlparser - v2.5.14

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-49559

Good to know:

Date: June 11, 2024

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?