Vulnerability Report: GO-2022-0300
- CVE-2022-21708, GHSA-mh3m-8c74-74xh
- Affects: github.com/graph-gophers/graphql-go
- Published: Jul 15, 2022
- Modified: Jun 12, 2023
Malicious inputs can cause a panic.

A maliciously crafted input can cause a stack overflow and panic. Any user with access to the GraphQL endpoint can send such a query. This issue only occurs when the graphql.MaxDepth schema option is used (an option that is highly recommended in most cases).
Affected Packages
- Path: github.com/graph-gophers/graphql-go
- Versions: before v1.3.0
References
- https://github.com/graph-gophers/graphql-go/commit/eae31ca73eb3473c544710955d1dbebc22605bfe
- https://vuln.go.dev/ID/GO-2022-0300.json