CVE-2023-28867 Information

Description

In GraphQL Java (aka graphql-java) before 20.1 an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1 19.4 18.4 17.5 and 0.0.0-2023-03-20T01-49-44-80e3135.

Reference

https://github.com/graphql-java/graphql-java/pull/3112 https://github.com/graphql-java/graphql-java/releases/tag/v19.4 https://github.com/graphql-java/graphql-java/releases/tag/v17.5 https://github.com/graphql-java/graphql-java/releases/tag/v18.4 https://github.com/graphql-java/graphql-java/releases/tag/v20.1