CVE-2024-40094

{"id": "CVE-2024-40094", "cveTags": [], "metrics": {}, "published": "2024-07-30T07:15:01.840", "references": [{"url": "https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a", "source": "cve@mitre.org"}, {"url": "https://github.com/graphql-java/graphql-java/discussions/3641", "source": "cve@mitre.org"}, {"url": "https://github.com/graphql-java/graphql-java/pull/3539", "source": "cve@mitre.org"}, {"url": "https://github.com/graphql-java/graphql-java/releases/tag/v19.11", "source": "cve@mitre.org"}, {"url": "https://github.com/graphql-java/graphql-java/releases/tag/v20.9", "source": "cve@mitre.org"}, {"url": "https://github.com/graphql-java/graphql-java/releases/tag/v21.5", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions."}, {"lang": "es", "value": " GraphQL Java (tambi\u00e9n conocido como graphql-java) anterior a 21.5 no considera adecuadamente los ExecutableNormalizedFields (ENF) como parte de la prevenci\u00f3n de la denegaci\u00f3n de servicio mediante consultas de introspecci\u00f3n. 20.9 y 19.11 tambi\u00e9n son versiones fijas."}], "lastModified": "2024-07-30T13:32:45.943", "sourceIdentifier": "cve@mitre.org"}