CVE-2023-49559
PUBLISHED
CVSS 3.7 LOW
An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.
EPSS 0.07% · 22.1th percentile
Risk Scores
CVSS v3.1
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.07%
22.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | vektah/gqlparser/v2 | 0 |
| github.com | vektah/gqlparser | 0 |
| n/a | n/a | n/a |
Timeline
- Jun 12, 2024 CVE Published
- Jun 13, 2024 EPSS Score
- Jul 6, 2024 EPSS Score
- Jul 29, 2024 EPSS Score
- Aug 21, 2024 EPSS Score
- Sep 13, 2024 EPSS Score
- Oct 5, 2024 EPSS Score
- Oct 28, 2024 EPSS Score
- Nov 20, 2024 EPSS Score
- Dec 3, 2024 CVE Updated
- Dec 14, 2024 EPSS Score
- Jan 6, 2025 EPSS Score
References
- https://gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-49559 advisory
- https://github.com/99designs/gqlgen/issues/3118 url
- https://github.com/vektah/gqlparser/commit/36a3658873bf5a107f42488dfc392949cdd02977 url
- https://github.com/advisories/GHSA-2hmf-46v7-v6fx advisory
- https://github.com/vektah/gqlparser package
- https://github.com/vektah/gqlparser/blob/master/parser/query.go#L316 url