Low severity3.7NVD Advisory· Published Jun 12, 2024· Updated Jun 17, 2026
CVE-2023-49559
CVE-2023-49559
Description
An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/vektah/gqlparser/v2Go | < 2.5.14 | 2.5.14 |
github.com/vektah/gqlparserGo | < 2.5.14 | 2.5.14 |
Affected products
29- osv-coords29 versionspkg:apk/chainguard/daggerpkg:apk/chainguard/external-dnspkg:apk/chainguard/external-dns-bitnami-compatpkg:apk/chainguard/external-dns-fipspkg:apk/chainguard/external-dns-fips-bitnami-compatpkg:apk/chainguard/external-dns-fips-iamguarded-compatpkg:apk/chainguard/external-dns-iamguarded-compatpkg:apk/chainguard/guacpkg:apk/chainguard/guaccsubpkg:apk/chainguard/guacgqlpkg:apk/chainguard/guacingestpkg:apk/chainguard/guaconepkg:apk/chainguard/melangepkg:apk/chainguard/melange-microvm-initpkg:apk/chainguard/zotpkg:apk/wolfi/daggerpkg:apk/wolfi/external-dnspkg:apk/wolfi/external-dns-bitnami-compatpkg:apk/wolfi/external-dns-iamguarded-compatpkg:apk/wolfi/guacpkg:apk/wolfi/guaccsubpkg:apk/wolfi/guacgqlpkg:apk/wolfi/guacingestpkg:apk/wolfi/guaconepkg:apk/wolfi/melangepkg:apk/wolfi/melange-microvm-initpkg:apk/wolfi/zotpkg:golang/github.com/vektah/gqlparserpkg:golang/github.com/vektah/gqlparser/v2
< 0.11.7-r1+ 28 more
- (no CPE)range: < 0.11.7-r1
- (no CPE)range: < 0.14.2-r3
- (no CPE)range: < 0.14.2-r3
- (no CPE)range: < 0.14.2-r4
- (no CPE)range: < 0.14.2-r4
- (no CPE)range: < 0.14.2-r4
- (no CPE)range: < 0.14.2-r3
- (no CPE)range: < 0.7.2-r2
- (no CPE)range: < 0.7.2-r2
- (no CPE)range: < 0.7.2-r2
- (no CPE)range: < 0.7.2-r2
- (no CPE)range: < 0.7.2-r2
- (no CPE)range: < 0.8.6-r1
- (no CPE)range: < 0.8.6-r1
- (no CPE)range: < 2.0.4-r6
- (no CPE)range: < 0.11.7-r1
- (no CPE)range: < 0.14.2-r3
- (no CPE)range: < 0.14.2-r3
- (no CPE)range: < 0.14.2-r3
- (no CPE)range: < 0.7.2-r2
- (no CPE)range: < 0.7.2-r2
- (no CPE)range: < 0.7.2-r2
- (no CPE)range: < 0.7.2-r2
- (no CPE)range: < 0.7.2-r2
- (no CPE)range: < 0.8.6-r1
- (no CPE)range: < 0.8.6-r1
- (no CPE)range: < 2.0.4-r6
- (no CPE)range: < 2.5.14
- (no CPE)range: < 2.5.14
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-2hmf-46v7-v6fxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-49559ghsaADVISORY
- gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1nvdWEB
- github.com/99designs/gqlgen/issues/3118ghsaWEB
- github.com/vektah/gqlparser/blob/master/parser/query.goghsaWEB
- github.com/vektah/gqlparser/commit/36a3658873bf5a107f42488dfc392949cdd02977ghsaWEB
News mentions
0No linked articles in our index yet.