GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cryostat 3 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-db-rhel8:3.0.1-5 | * |
Cryostat 3 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:3.0.1-5 | * |
Cryostat 3 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-operator-bundle:3.0.1-5 | * |
Cryostat 3 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8:3.0.1-5 | * |
Cryostat 3 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-reports-rhel8:3.0.1-5 | * |
Cryostat 3 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-rhel8:3.0.1-5 | * |
Cryostat 3 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-rhel8-operator:3.0.1-5 | * |
Cryostat 3 on RHEL 8 | RedHat | cryostat-tech-preview/cryostat-storage-rhel8:3.0.1-5 | * |
Cryostat 3 on RHEL 8 | RedHat | cryostat-tech-preview/jfr-datasource-rhel8:3.0.1-5 | * |
Red Hat build of Quarkus 3.2 | RedHat | com.graphql-java.graphql-java | * |