CVE Vulnerabilities

CVE-2024-40094

Published: Jul 30, 2024 | Modified: Jul 30, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.

Affected Software

Name Vendor Start Version End Version
Cryostat 3 on RHEL 8 RedHat cryostat-tech-preview/cryostat-db-rhel8:3.0.1-5 *
Cryostat 3 on RHEL 8 RedHat cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:3.0.1-5 *
Cryostat 3 on RHEL 8 RedHat cryostat-tech-preview/cryostat-operator-bundle:3.0.1-5 *
Cryostat 3 on RHEL 8 RedHat cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8:3.0.1-5 *
Cryostat 3 on RHEL 8 RedHat cryostat-tech-preview/cryostat-reports-rhel8:3.0.1-5 *
Cryostat 3 on RHEL 8 RedHat cryostat-tech-preview/cryostat-rhel8:3.0.1-5 *
Cryostat 3 on RHEL 8 RedHat cryostat-tech-preview/cryostat-rhel8-operator:3.0.1-5 *
Cryostat 3 on RHEL 8 RedHat cryostat-tech-preview/cryostat-storage-rhel8:3.0.1-5 *
Cryostat 3 on RHEL 8 RedHat cryostat-tech-preview/jfr-datasource-rhel8:3.0.1-5 *
Red Hat build of Quarkus 3.2 RedHat com.graphql-java.graphql-java *

References