GraphQL Java Before 21.5 Vulnerable to DoS via ENFs: CVE-2024-40094 July 2024

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.

Vulnerability Analysis

CVE-2024-40094 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

NONE

Exploit Probability

EPSS

17.53%

Percentile

95.19%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

GraphQL Java Before 21.5 Vulnerable to DoS via ENFsCVE-2024-40094 Published on July 30, 2024

Vulnerability Analysis

Exploit Probability

GraphQL Java Before 21.5 Vulnerable to DoS via ENFs
CVE-2024-40094 Published on July 30, 2024