CVE-2023-40180: Uncontrolled Resource Consumption in Graphql

Severity: 7.5 HIGH (CNA), no vector
EPSS: 0.7% (top 28.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 16; latest update Oct 17

Description

Denial of service vulnerability in silverstripe-graphql via recursive queries. silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS a
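The mitigation class the advisory title points at (protection against recursive queries) is a limit on how deeply, and how repetitively, a query document may nest. The following is an added illustration, not the silverstripe-graphql project's own fix; the limits MAX_DEPTH and MAX_REPEAT and the sample queries are assumed values constructed here.

```python
"""Gate incoming GraphQL documents by selection-set depth and by how often one
field name repeats along a single nesting path (added illustration, not the
silverstripe-graphql project's code; limits below are assumed policy values)."""
import re

MAX_DEPTH = 10    # assumed, not taken from the advisory
MAX_REPEAT = 3

# Tokens: block strings, strings, comments, braces/parens, names, anything else.
_TOKEN = re.compile(
    r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|[{}()]|[A-Za-z_][A-Za-z0-9_]*|\S')

def analyse(query: str) -> tuple[int, int]:
    """Return (max selection-set depth, max repeats of one field on a path).
    A tokenizer is enough: braces inside strings/comments are skipped, and
    names inside argument lists are ignored so `children(limit: 5) {` is
    attributed to `children`. Inline fragments count their type condition."""
    path: list[str] = []      # field names of the selection sets we are inside
    depth = max_depth = max_repeat = paren = 0
    last_name, after_at = "", False
    for tok in _TOKEN.findall(query):
        if tok[0] in '"#':
            continue
        if tok == '(':
            paren += 1
        elif tok == ')':
            paren -= 1
        elif tok == '{':
            depth += 1
            path.append(last_name)
            max_depth = max(max_depth, depth)
            max_repeat = max(max_repeat, path.count(last_name))
        elif tok == '}':
            depth -= 1
            if path:
                path.pop()
        elif tok == '@':
            after_at = True        # next name is a directive, not a field
        elif paren == 0 and (tok[0].isalpha() or tok[0] == '_'):
            if after_at:
                after_at = False
            else:
                last_name = tok
    return max_depth, max_repeat

def is_allowed(query: str) -> bool:
    """Request-handler gate: True when the document is within both limits."""
    depth, repeat = analyse(query)
    return depth <= MAX_DEPTH and repeat <= MAX_REPEAT

# Constructed samples: a "children of children" document of the recursive shape
# the advisory describes, and an ordinary query with a brace inside a string.
RECURSIVE = "{ readPages { " + "children { " * 12 + "id " + "} " * 12 + "} }"
FLAT = 'query Q($n: Int) { readPages(limit: $n, title: "x { y") { id title } }'
```

Run against the samples, FLAT passes at depth 2 and RECURSIVE is rejected at depth 14 with `children` repeated 12 times on one path.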

Affected Packages (2 packages)

- Packagist: silverstripe/graphql, 3.0.0 to 3.8.2 (+4)
- CVEList V5: silverstripe/silverstripe-graphql, 5 versions (+4)

Vulnerability Details (3)

- GHSA: Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries (2023-10-17)
- OSV: Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries (2023-10-17)
- CVEList: Denial of service vulnerability in silverstripe-graphql via recursive queries (2023-10-16)