Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/golang-github-graph-gophers-graphql-go@0.0~git20180609.bb97385-2.1?distro=trixie
Type deb
Namespace debian
Name golang-github-graph-gophers-graphql-go
Version 0.0~git20180609.bb97385-2.1
Qualifiers
distro trixie
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.3.0-1
Latest_non_vulnerable_version 1.10.2-1
Affected_by_vulnerabilities
0
url VCID-886c-mqdm-wkg3
vulnerability_id VCID-886c-mqdm-wkg3
summary graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21708.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21708.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21708
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.35988
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21708
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21708
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21708
3
reference_url https://github.com/graph-gophers/graphql-go
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/graph-gophers/graphql-go
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-21708
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-21708
5
reference_url https://pkg.go.dev/vuln/GO-2022-0300
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0300
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2045014
reference_id 2045014
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2045014
7
reference_url https://github.com/graph-gophers/graphql-go/commit/eae31ca73eb3473c544710955d1dbebc22605bfe
reference_id eae31ca73eb3473c544710955d1dbebc22605bfe
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:41Z/
url https://github.com/graph-gophers/graphql-go/commit/eae31ca73eb3473c544710955d1dbebc22605bfe
8
reference_url https://github.com/graph-gophers/graphql-go/security/advisories/GHSA-mh3m-8c74-74xh
reference_id GHSA-mh3m-8c74-74xh
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:41Z/
url https://github.com/graph-gophers/graphql-go/security/advisories/GHSA-mh3m-8c74-74xh
9
reference_url https://access.redhat.com/errata/RHSA-2024:0735
reference_id RHSA-2024:0735
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0735
10
reference_url https://access.redhat.com/errata/RHSA-2024:3885
reference_id RHSA-2024:3885
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3885
11
reference_url https://access.redhat.com/errata/RHSA-2024:4006
reference_id RHSA-2024:4006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4006
fixed_packages
0
url pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.3.0-1?distro=trixie
purl pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.3.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.3.0-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.5.0-1?distro=trixie
purl pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.5.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.5.0-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.6.0-1?distro=trixie
purl pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.6.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.6.0-1%3Fdistro=trixie
3
url pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.10.2-1?distro=trixie
purl pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.10.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-graph-gophers-graphql-go@1.10.2-1%3Fdistro=trixie
aliases CVE-2022-21708, GHSA-mh3m-8c74-74xh
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-886c-mqdm-wkg3
Fixing_vulnerabilities
Risk_score 3.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-graph-gophers-graphql-go@0.0~git20180609.bb97385-2.1%3Fdistro=trixie