High severity · NVD Advisory · Published Mar 27, 2023 · Updated Feb 19, 2025
CVE-2023-28867
Description
In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.graphql-java:graphql-java (Maven) | < 0.0.0-2023-03-20T01-49-44-80e3135 | 0.0.0-2023-03-20T01-49-44-80e3135 |
| com.graphql-java:graphql-java (Maven) | >= 1.2, < 17.5 | 17.5 |
| com.graphql-java:graphql-java (Maven) | >= 18.0, < 18.4 | 18.4 |
| com.graphql-java:graphql-java (Maven) | >= 19.0, < 19.4 | 19.4 |
| com.graphql-java:graphql-java (Maven) | >= 20.0, < 20.1 | 20.1 |
References
- github.com/advisories/GHSA-p4qx-6w5p-4rj2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-28867 (ghsa, ADVISORY)
- github.com/graphql-java/graphql-java/pull/3112 (ghsa, WEB)
- github.com/graphql-java/graphql-java/releases/tag/v17.5 (ghsa, WEB)
- github.com/graphql-java/graphql-java/releases/tag/v18.4 (ghsa, WEB)
- github.com/graphql-java/graphql-java/releases/tag/v19.4 (ghsa, WEB)
- github.com/graphql-java/graphql-java/releases/tag/v20.1 (ghsa, WEB)