DEBIAN-CVE-2023-26144

DEBIAN-CVE-2023-26144 PUBLISHED CVSS 5.3 MEDIUM

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Debian | node-graphql | |
| Debian:14 | node-graphql | 0, 0, 0 |
| Debian:13 | node-graphql | 0, 0, 0 |
| Debian:12 | node-graphql | 0, 16.8.1-1, 16.8.1-3 |

Timeline

  • Sep 20, 2023 CVE Published
  • Apr 28, 2026 CVE Updated