NodeJS/graphql/16.4.0-canary.pr.2839.e3a8069cfaa6406186314b62aced6487f417a2e6
A Query Language and Runtime which can target any service.
https://www.npmjs.com/package/graphql
MIT
1 Security Vulnerabilities
graphql Uncontrolled Resource Consumption vulnerability
Published date: 2023-09-20T06:30:50Z
CVE: CVE-2023-26144
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2023-26144
- https://github.com/graphql/graphql-js/issues/3955
- https://github.com/graphql/graphql-js/pull/3972
- https://github.com/graphql/graphql-js/releases/tag/v16.8.1
- https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181
- https://github.com/graphql/graphql-js/commit/8f4c64eb6a7112a929ffeef00caa67529b3f2fcf
- https://github.com/advisories/GHSA-9pv7-vfvm-6vr7
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
Note: It was not proven that this vulnerability can crash the process.
Affected versions:
["16.3.0", "16.3.0-canary.pr.3418.662180be9091ee1edf699b4cf4922bd5b7705297", "16.4.0", "16.4.0-canary.pr.2839.e3a8069cfaa6406186314b62aced6487f417a2e6", "16.5.0", "16.5.0-canary.pr.3686.d9ad8e3fd58929d38deea522d794a6b22d3244b5", "16.6.0", "16.7.0", "16.7.1", "16.8.0"]
Secure versions:
[0.0.2, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.1.11, 0.1.12, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.3.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.14, 0.4.15, 0.4.16, 0.4.17, 0.4.18, 0.5.0-beta.1, 0.5.0, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.8.0-beta1, 0.8.0-beta2, 0.8.0-beta3, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.11.5, 0.11.6, 0.11.7, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.13.0-rc.1, 0.13.0, 0.13.1, 0.13.2, 14.0.0-rc.1, 14.0.0-rc.2, 14.0.0, 14.0.1, 14.0.2, 14.1.0, 14.1.1, 14.2.0, 14.2.1, 14.3.0, 14.3.1, 14.4.0, 14.4.1, 14.4.2, 14.5.0, 14.5.1, 14.5.2, 14.5.3, 14.5.4, 14.5.5, 14.5.6, 14.5.7, 14.5.8, 15.0.0-alpha.1, 15.0.0-alpha.2, 15.0.0-rc.1, 14.6.0, 15.0.0-rc.2, 15.0.0, 15.1.0, 15.2.0, 15.3.0, 14.7.0, 15.4.0, 15.5.0, 16.0.0-alpha.1, 16.0.0-alpha.2, 16.0.0-alpha.3, 16.0.0-alpha.4, 16.0.0-alpha.5, 15.5.1, 16.0.0-rc.1, 16.0.0-rc.2, 15.5.2, 15.5.3, 15.6.0, 15.6.1, 16.0.0-rc.3, 16.0.0-rc.4, 16.0.0-rc.5, 16.0.0-rc.6, 15.7.0, 16.0.0-rc.7, 15.7.1, 15.7.2, 16.0.0, 16.0.1, 15.8.0, 16.1.0, 16.2.0, 16.3.0-canary.pr.3469.bef54ca054e29cae26d2dd974eedf2c12bca7ef4, 16.3.0-canary.pr.3469.bc0462e3d100314d7aa00049d2c15cbb58d8b3d8, 16.3.0-canary.pr.3469.8212fa925aa1a32715752030913a6e296e8c0fd3, 16.3.0-canary.pr.3479.undefined, 16.3.0-canary.pr.3480.undefined, 16.3.0-canary.pr.3481.undefined, 16.3.0-canary.pr.3482.undefined, 16.3.0-canary.pr.3483.undefined, 16.3.0-canary.pr.3484.b6999ce061b975f1c6c99c790782323b91c5eb21, 16.3.0-canary.pr.3485.d71879afe1f1411b80adcbfe33bd95ab57e7fc11, 16.3.0-canary.pr.3485.3c71ef7dd720383cba84a1637665fc18001c4f32, 16.3.0-canary.pr.3486.c8ac9896696f401b9efffa1806443732cb0a010d, 16.3.0-canary.pr.2839.7e65b1d8e7b5bf1ef1592babff40b9873198a741, 16.3.0-canary.pr.3487.8c9c7200bf3db49bf1c32055d60fdd5ea3089add, 16.3.0-canary.pr.3487.a0dcf0130ae81994df47049c9233df11516abfcd, 16.3.0-canary.pr.3488.0d90f0c792c9d223b5505d3cc0d9a8519bb2883a, 16.3.0-canary.pr.3488.9f7ad13c9ae7289c4d425698bd040d36978ff81a, 16.3.0-canary.pr.3489.568f3378cc3cf660e25d79253cc9a101ae9df4e0, 16.3.0-canary.pr.3482.e5eb0dafc74d537a1e07c6a2cc15afdc1431537f, 0.0.1-test.1, 16.3.0-canary.pr.3493.365426c363b5db8b3278d34deff0d790edcb6fdd, 16.3.0-canary.pr.3494.612fd45b42a5e2aa26d9bd72e1c89d7219620dea, 16.3.0-canary.pr.3496.43a2529cfa6890f5a11867e62c7a817d7879235d, 16.3.0-canary.pr.3482.7777ea054008ac921136cf694d64041494250def, 16.3.0-canary.pr.3497.4a0bc98371a633cf49efc236c1011ca5a955e848, 16.3.0-canary.pr.3498.5fd2797529557639476d5aa24359f97653bcbf22, 16.3.0-canary.pr.3482.6f2ec221eab5916d6d7bbfc6167256477bd35c45, 16.3.0-canary.pr.3499.ee62926bcf03d7d05ccb227cb7a67338ebab423d, 16.3.0-canary.pr.3501.1daccf7bfd7fe9ffeabb319f26aa1b9bf5133e4c, 16.3.0-canary.pr.3502.de9b8457d4a34eb544ff7b97ffacd641c913a2d1, 16.3.0-canary.pr.3494.25e1e8c8de6b13288ac61febf75d6f415f81a044, 16.3.0-canary.pr.3504.7c7b6ed1e17e6cf5e114f1a89a24d289fb969aff, 16.3.0-canary.pr.3505.9190e5ce1cc557931a15ca1f7b15586f033c8a02, 16.3.0-canary.pr.3505.b157d96d56ade071a24a1b0c71334efb9af57689, 16.3.0-canary.pr.3418.64c65ba6a2e7e923ed9a476c945f3c72da7a6c7f, 16.3.0-canary.pr.3134.aaacb12ce929a1f2899503018cc6d39a2f83ae28, 16.3.0-canary.pr.2757.7e793c133f5b9c47a1b12e98ea3a35b1b1471dc4, 16.3.0-canary.pr.2839.0f282a62cbd565b6e8682f6c1e8c49ac075ac257, 16.3.0-canary.pr.2839.f76ee8fd7af45d88a33dfc674f2a71d505d2d9b1, 16.3.0-canary.pr.2839.3405bedecf6a15ea89f64d6a86d84234a3c0cf7b, 16.3.0-canary.pr.3506.be685b29062b443b0962af292fb5c9337331db70, 16.3.0-canary.pr.2839.5c5e3621fdc4e4ee4e7f781962fe4a99319d6ac0, 16.3.0-canary.pr.2839.9c3b21ca34d760070b76424327061e6b4ad26f05, 16.3.0-canary.pr.3510.942fbd8ea3d803e74908fabecbe03dfaefe3e5c8, 16.3.0-canary.pr.3510.5099f4491dc2a35a3e4a0270a55e2a228c15f13b, 16.3.0-canary.pr.3512.a3b8b9e394ae4050a2100de2720f8b3ded0a3e41, 16.3.0-canary.pr.3514.a34e553c7cc83a21ffa73c7bf1a1932007a2606b, 16.3.0-canary.pr.3465.6c6701425310ce7f866ce71628bdf9443ae0f0af, 16.3.0-canary.pr.3518.3a63d81d7ad886f7edc3cab06fd2295b71c91bed, 16.3.0-canary.pr.3520.688c34204fb183f15a334882567d4d6d011cd234, 16.3.0-canary.pr.3521.f50bec8fecfd5aaa7e74227c5a4b9056dae9e849, 16.3.0-canary.pr.2839.aab5478afb03155d26abbee8ad8fa34841ee3be3, 16.3.0-canary.pr.2839.09322403ecf6640bfc695dab3ffe5e98f611911d, 17.0.0-alpha.1, 17.0.0-alpha.1.canary.pr.3601.9a812ce71ad05c9dc089b40129f8295ca733e108, 17.0.0-alpha.1.canary.pr.2839.db4d0cdea30214fb7bb00724b7827708ca5de8a5, 17.0.0-alpha.1.canary.pr.3658.null, 17.0.0-alpha.1.canary.pr.3659.cef660554446d49cec9a0958afb9690dd0b19193, 17.0.0-alpha.1.canary.pr.3651.57364d3f9da445b2bba520d3b886e07dc2af10e2, 17.0.0-alpha.1.canary.pr.3673.53c289997f206acd10388d6a574341c68cc1a30e, 17.0.0-alpha.1.canary.pr.3659.735abf5edacd99b712ddb40d89bd8b213640eb07, 17.0.0-alpha.1.canary.pr.3703.fce1b706e279820c9612ad3061b740b831f17672, 17.0.0-alpha.1.canary.pr.3703.9360805de6310b453b76a53431f921b44a76c2f9, 17.0.0-alpha.1.canary.pr.3703.df016a7b352e356ad0049dd81e2cd14252cec5fe, 17.0.0-alpha.1.canary.pr.3659.5dba20aef36112d13569d5f296ef967383e60d0f, 17.0.0-alpha.1.canary.pr.3361.04ab27334641e170ce0e05bc927b972991953882, 17.0.0-alpha.2, 17.0.0-alpha.2.canary.pr.3791.264f22163eb937ff87a420be9f7d45965f2cbf07, 17.0.0-alpha.2.canary.pr.3754.1564174b0dc26e0adf7ff2833716d06606b06a20, 17.0.0-alpha.2.canary.pr.3791.e6d3ec58026d75b71b7b84c3da5f376ec7eeca94, 17.0.0-alpha.2.canary.pr.3791.22288c73e61ad3ca68687546f2058561e41fcc93, 17.0.0-alpha.2.canary.pr.3911.a281faf70fee4ba1522af45cf15f41a899c723c4, 17.0.0-alpha.2.canary.pr.3937.8e773a04d8041ffc00a1550e8c6688e01ba11832, 17.0.0-alpha.2.canary.pr.3957.454033bcee41c456acce935e49e3e420b75115e4, 17.0.0-alpha.3, 16.8.1, 17.0.0-alpha.3.canary.pr.3969.83688beb16ecba5a0495158c3c2b3684730579bf, 17.0.0-alpha.3.canary.pr.3791.4a8f641106bee54f1e4a4de4bf59c49976541b00, 17.0.0-alpha.3.canary.pr.4002.b3f6af2e83280d7830b2a01265e0977b7b68e2f4, 17.0.0-alpha.3.canary.pr.4026.5922420b3b235970ee230497190e28c8290c8f16, 17.0.0-alpha.3.canary.pr.4026.5e657d31b3abdc38acd6bb21c50ed3a41aa33905, 17.0.0-alpha.3.canary.pr.4026.74aa85f56dea9ab9feb4445165eb0e2347ea674f, 17.0.0-alpha.3.canary.pr.4026.d2f30cc0780dd436b1a05aa23dfa28c83da7d033, 17.0.0-alpha.3.canary.pr.4032.4fb41fe3e1f2b4b27437138d6d7d4763c1992e7a, 17.0.0-alpha.3.canary.pr.4035.3404abc2382e32f6a3ab26f08a9ed54554678fa9, 17.0.0-alpha.3.canary.pr.4032.8bcdcea90e0a24432a78270866c27e0db6a2ae4d, 17.0.0-alpha.3.canary.pr.4026.1140ceffaf9629dd46a16d4fd28479240752f6eb, 17.0.0-alpha.3.canary.pr.4026.405885d861f562a160f9e92d0be418d819312016, 17.0.0-alpha.3.canary.pr.4097.291dd92c9059c6bcc88ff1fa21058a8ac519cf83, 16.8.2, 17.0.0-alpha.4, 17.0.0-alpha.5, 16.9.0, 15.9.0, 16.9.0-canary.pr.4159.0fa29326c53fcd63c6473c7357c28aa13fa0019d, 17.0.0-alpha.5.canary.pr.4153.4ff43175428332c954563050819fcb612e19ca41, 17.0.0-alpha.6, 17.0.0-alpha.5.canary.pr.4153.d5c18bebb93273daf40fce67daa1babc430a2ce2, 17.0.0-alpha.7, 16.9.0-canary.pr.4192.1813397076f44a55e5798478e7321db9877de97a]
Recommendation:
Update to version 16.9.0.