CVE-2022-30288
Published
CVSS v3
7.5
HIGH
CVSS v2
5
MEDIUM
Affected
2
PROJECTS
Description
Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors.
GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations
GitHub