CNNVD-202601-2741 Information
CNNVD ID
CNNVD-202601-2741
Related CVE
- CNNVD Published: 2026-01-16
Description (Chinese)
Graphql Modules是Hive开源的一个GraphQL服务器的后端框架。 Graphql Modules 2.2.1版本至2.4.1之前版本和3.1.1之前版本存在竞争条件问题漏洞,该漏洞源于并行请求时上下文混淆,可能导致信息泄露。
Description (English)
Graphql Modules is the back-end framework for a GraphicQL server that is open to live. There is a loophole in the competition conditions between the Graphql Modules version 2.2.1 and the previous version of 2.1.1, which stems from confusion in the context of parallel requests and may lead to the disclosure of information.
Hazard Level
Medium
Vulnerability Type
竞争条件问题
Affected Vendor
Hive
Published
2026-01-16
Last Modified
2026-02-24
References
https://github.com/graphql-hive/graphql-modules/pull/2521 https://github.com/graphql-hive/graphql-modules/releases/tag/release-1768575025568 https://github.com/graphql-hive/graphql-modules/issues/2613 https://github.com/graphql-hive/graphql-modules/security/advisories/GHSA-53wg-r69p-v3r7 https://access.redhat.com/security/cve/cve-2026-23735
Patch
https://github.com/graphql-hive/graphql-modules
Share on: