async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 03 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Graphql
Graphql async-graphql
CPEs cpe:2.3:a:graphql:async-graphql:*:*:*:*:*:*:*:*
Vendors & Products Graphql
Graphql async-graphql
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 03 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
Description async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10.
Title async-graphql vulnerable to Directive Overload
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-10-03T15:47:22.144Z

Reserved: 2024-09-27T20:37:22.120Z

Link: CVE-2024-47614

cve-icon Vulnrichment

Updated: 2024-10-03T15:47:10.668Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-03T15:15:14.720

Modified: 2024-10-04T13:50:43.727

Link: CVE-2024-47614

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.