Add advisories for async-graphql/juniper denial of service issues (#1290)

* Add advisory for async-graphql DoS issue * Add advisory for juniper DoS issue
2025-12-27 01:54:07 -05:00 · 2022-08-02 19:58:29 +02:00
parent e4ac884b59
commit 259863da4f
2 changed files with 36 additions and 0 deletions
--- a/crates/async-graphql/RUSTSEC-0000-0000.md
+++ b/crates/async-graphql/RUSTSEC-0000-0000.md
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "async-graphql"
+date = "2022-07-21"
+url = "https://github.com/async-graphql/async-graphql/commit/521769b80039fc8043d1c9883e3d6e5b57359072"
+categories = ["denial-of-service"]
+cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+aliases = ["GHSA-xq3c-8gqm-v648"]
+related = ["GHSA-4rx6-g5vg-5f3j"]
+
+[versions]
+patched = [">= 0.15.10"]
+```
+
+# Denial of service on deeply nested fragment requests
+
+Deeply nested fragments in a GraphQL request may cause a stack overflow in the server.
--- a/crates/juniper/RUSTSEC-0000-0000.md
+++ b/crates/juniper/RUSTSEC-0000-0000.md
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "juniper"
+date = "2022-07-28"
+url = "https://github.com/graphql-rust/juniper/security/advisories/GHSA-4rx6-g5vg-5f3j"
+categories = ["denial-of-service"]
+cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+aliases = ["GHSA-4rx6-g5vg-5f3j", "CVE-2022-31173"]
+related = ["GHSA-xq3c-8gqm-v648"]
+
+[versions]
+patched = [">= 0.15.10"]
+```
+
+# Denial of service on deeply nested fragment requests
+
+Deeply nested fragments in a GraphQL request may cause a stack overflow in the server.