You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Prior to this fix, the GraphQL query parsing was vulnerable to StackOverflowErrors. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability.
This potentially affects all applications using Grackle which have untrusted users.
Caution
No specific knowledge of an application's GraphQL schema would be required to construct a pathological query.
Patches
The stack overflow issues have been resolved in the v0.18.0 release of Grackle.
Workarounds
Users could interpose a sanitizing layer in between untrusted input and Grackle query processing.
Impact
Prior to this fix, the GraphQL query parsing was vulnerable to
StackOverflowErrors. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability.This potentially affects all applications using Grackle which have untrusted users.
Caution
No specific knowledge of an application's GraphQL schema would be required to construct a pathological query.
Patches
The stack overflow issues have been resolved in the v0.18.0 release of Grackle.
Workarounds
Users could interpose a sanitizing layer in between untrusted input and Grackle query processing.