How severe is CVE-2022-21708?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-21708?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2022-21708 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended.

Related Vulnerabilities

CVE-2006-6017

MEDIUM

CVSS:6.5(Medium)

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application cr...

CWE-4002006

CVE-2011-1459

MEDIUM

CVSS:6.5(Medium)

The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin.

CWE-4002011

CVE-2012-0260

MEDIUM

CVSS:6.5(Medium)

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of res...

CWE-4002012

CVE-2012-4863

MEDIUM

CVSS:6.5(Medium)

IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability

CWE-4002012

CVE-2014-3672

MEDIUM

CVSS:6.5(Medium)

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

CWE-4002014

CVE-2014-7813

MEDIUM

CVSS:6.5(Medium)

Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack o...

CWE-4002014