graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.01104
Percentile: 0.77118

CVSS Scoring

Affected Products

• cpe:2.3:a:graphql-java_project:graphql-java:*:*:*:*:*:java:*:*
• cpe:2.3:a:graphql-java_project:graphql-java:*:*:*:*:*:*:*:*

← Back to Home