An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-49559
• https://gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1
• 99designs/gqlgen#3118
• vektah/gqlparser@36a3658
• https://github.com/vektah/gqlparser/blob/master/parser/query.go#L316