Asymmetric denial of service in async-graphql

Description

async-graphql Directive Overload

Impact

    Service Disruption: The server may become unresponsive or extremely slow, potentially leading to downtime.

    Resource Exhaustion: Excessive use of server resources, such as CPU and memory, could negatively impact other services running on the same infrastructure.

    User Experience Degradation: Users may experience delays or failures when accessing the service, which could lead to frustration and loss of trust in the service.

Patches

    Upgrade to v7.0.10

    Use SchemaBuilder.limit_directives to limit the maximum number of directives for a single field.
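
The schema-level limit above is the fix. As an added example (not code from async-graphql or this advisory), the sketch below is a standard-library-only lexical check that a gateway could run on incoming query text before it reaches the server. The function names `max_directives_per_field` and `within_directive_limit` are hypothetical.

```rust
// Added example: stand-alone lexical guard, not async-graphql code.
// Returns the largest number of directives attached to one location (field,
// spread, operation). Directives inside parentheses join the surrounding run,
// so the result can over-count but never under-count.
pub fn max_directives_per_field(query: &str) -> usize {
    let b = query.as_bytes();
    let is_name = |c: u8| c == b'_' || c.is_ascii_alphanumeric();
    let (mut i, mut depth, mut run, mut max) = (0usize, 0usize, 0usize, 0usize);
    let mut after_at = false; // true between '@' and the directive's own name
    while i < b.len() {
        let c = b[i];
        if c == b'#' {
            // Comment: ends at either GraphQL line terminator (\n or \r).
            while i < b.len() && b[i] != b'\n' && b[i] != b'\r' { i += 1; }
        } else if c == b'"' {
            // Skip "..." or """...""" so an '@' inside a string is not counted.
            let q = if b[i..].starts_with(b"\"\"\"") { 3 } else { 1 };
            i += q;
            while i < b.len() && !b[i..].starts_with(&b"\"\"\""[..q]) {
                i += if b[i] == b'\\' { 2 } else { 1 };
            }
            i += q;
        } else if c == b'@' {
            run += 1;
            max = max.max(run);
            after_at = true;
            i += 1;
        } else if is_name(c) {
            while i < b.len() && is_name(b[i]) { i += 1; }
            // A name right after '@' belongs to the directive; any other name
            // outside parentheses starts a new field, alias or keyword.
            if after_at { after_at = false } else if depth == 0 { run = 0 }
        } else {
            match c {
                b'(' => depth += 1,
                b')' => depth = depth.saturating_sub(1),
                b'{' | b'}' | b'.' if depth == 0 => run = 0,
                _ => {}
            }
            i += 1;
        }
    }
    max
}

// Hypothetical gateway check; the limit value is the operator's choice.
pub fn within_directive_limit(query: &str, limit: usize) -> bool {
    max_directives_per_field(query) <= limit
}
```

The scan is deliberately conservative: whitespace or comments between `@` and the directive name do not reset the count, and a bare `\r` ends a comment as it does in GraphQL.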

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions