VYPR
Medium severity (5.3) · OSV Advisory · Published Jul 30, 2024 · Updated Apr 15, 2026

CVE-2024-40094

Description

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| com.graphql-java:graphql-java | Maven | < 19.11 | 19.11 |
| com.graphql-java:graphql-java | Maven | >= 20.0, < 20.9 | 20.9 |
| com.graphql-java:graphql-java | Maven | >= 21.0, < 21.5 | 21.5 |
