{"url":"http://public2.vulnerablecode.io/api/packages/68268?format=json","purl":"pkg:maven/edu.gemini/gsp-graphql-core_3@0.14.0","type":"maven","namespace":"edu.gemini","name":"gsp-graphql-core_3","version":"0.14.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46690?format=json","vulnerability_id":"VCID-dfhj-eq1n-1fhr","summary":"Grackle has StackOverflowError in GraphQL query processing\n### Impact\n\nPrior to this fix, the GraphQL query parsing was vulnerable to `StackOverflowError`s. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability.\n\nThis potentially affects all applications using Grackle which have untrusted users.\n\n> [!CAUTION] \n> **No specific knowledge of an application's GraphQL schema would be required to construct a pathological query.**\n\n### Patches\nThe stack overflow issues have been resolved in the v0.18.0 release of Grackle.\n\n### Workarounds\nUsers could interpose a sanitizing layer in between untrusted input and Grackle query processing.","references":[{"reference_url":"https://github.com/typelevel/grackle/commit/56e244b91659cf385df590fc6c46695b6f36cbfd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/typelevel/grackle/commit/56e244b91659cf385df590fc6c46695b6f36cbfd"},{"reference_url":"https://github.com/typelevel/grackle/releases/tag/v0.18.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/typelevel/grackle/releases/tag/v0.18.0"},{"reference_url":"https://github.com/advisories/GHSA-g56x-7j6w-g8r8","reference_id":"GHSA-g56x-7j6w-g8r8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g56x-7j6w-g8r8"},{"reference_url":"https://github.com/typelevel/grackle/security/advisories/GHSA-g56x-7j6w-g8r8","reference_id":"GHSA-g56x-7j6w-g8r8","reference_type":"","scores":[],"url":"https://github.com/typelevel/grackle/security/advisories/GHSA-g56x-7j6w-g8r8"}],"fixed_packages":[],"aliases":["CVE-2023-50730","GHSA-g56x-7j6w-g8r8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfhj-eq1n-1fhr"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/edu.gemini/gsp-graphql-core_3@0.14.0"}