CVE-2023-49559
LOW
gqlparser < 2.5.14 - Denial of Service via ParserDirectives Function
Title source: llm
Description
An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.
References (1)
Core References
Various Sources
https://gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1
Scores
CVSS v3
3.7
EPSS
0.0051
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (1)
vektah/gqlparser
0 - 2.5.14 (2 CPE variants)
Go
Published
Jun 12, 2024
Tracked Since
Feb 18, 2026