Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
EPSS Score
2.53%
85.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | graphql | 16.3.0, 16.3.0 |
| graphql | graphql | 16.3.0, 17.0.0, 17.0.0 |
| npm | graphql | 16.3.0, 16.3.0 |
Timeline
- Sep 20, 2023 CVE Published
- Sep 20, 2023 PoC Published
- Sep 22, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Nov 7, 2023 CVE Updated
- Dec 26, 2023 EPSS Score
- Jan 26, 2024 EPSS Score
- Mar 29, 2024 EPSS Score
- Apr 30, 2024 EPSS Score
- May 31, 2024 EPSS Score
- Aug 2, 2024 EPSS Score
- Sep 3, 2024 EPSS Score
References
- https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181 url
- https://github.com/graphql/graphql-js/pull/3972 url
- https://github.com/graphql/graphql-js/issues/3955 url
- https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226 url
- https://github.com/graphql/graphql-js/releases/tag/v16.8.1 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-26144 advisory
- https://github.com/graphql/graphql-js/commit/8f4c64eb6a7112a929ffeef00caa67529b3f2fcf url
- https://github.com/graphql/graphql-js package