VDB
CVE-2023-26144
CVE-2023-26144
PUBLISHED
CVSS 5.300000190734863 MEDIUM
graphql Uncontrolled Resource Consumption vulnerability
EPSS 2.14% · 84.6th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
EPSS Score
2.14%
84.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | graphql | 16.3.0, 16.3.0 |
| graphql | graphql | 17.0.0, 16.3.0, 17.0.0 |
| npm | graphql | 16.3.0, 16.3.0 |
Exploit Intelligence
- GraphQL vulnerability disclosure: CVE-2023-26144 (github-poc-repo)
- GraphQL vulnerability disclosure: CVE-2023-26144 (github-poc-repo)
- GraphQL vulnerability disclosure: CVE-2023-26144 (github-poc-repo)
- GraphQL vulnerability disclosure: CVE-2023-26144 (github-poc-repo)
- GraphQL vulnerability disclosure: CVE-2023-26144 (github-poc-repo)
- GraphQL vulnerability disclosure: CVE-2023-26144 (github-poc-repo)
- GraphQL vulnerability disclosure: CVE-2023-26144 (github-poc-repo)
- GraphQL vulnerability disclosure: CVE-2023-26144 (github-poc-repo)
- GraphQL vulnerability disclosure: CVE-2023-26144 (github-poc)
- GraphQL vulnerability disclosure: CVE-2023-26144 (github-poc)
…and 12 more exploits
Timeline
- Sep 20, 2023 CVE Published
- Sep 20, 2023 PoC Published
- Sep 22, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Nov 7, 2023 CVE Updated
- Dec 27, 2023 EPSS Score
- Jan 28, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- May 4, 2024 EPSS Score
- Jun 5, 2024 EPSS Score
- Aug 8, 2024 EPSS Score
- Sep 9, 2024 EPSS Score
References
- https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181 url
- https://github.com/graphql/graphql-js/pull/3972 url
- https://github.com/graphql/graphql-js/issues/3955 url
- https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226 url
- https://github.com/graphql/graphql-js/releases/tag/v16.8.1 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-26144 advisory
- https://github.com/graphql/graphql-js/commit/8f4c64eb6a7112a929ffeef00caa67529b3f2fcf url
- https://github.com/graphql/graphql-js package