NodeJS/graphql/16.4.0
A Query Language and Runtime which can target any service.
https://www.npmjs.com/package/graphql
MIT
1 Security Vulnerabilities
graphql Uncontrolled Resource Consumption vulnerability
Published date: 2023-09-20T06:30:50Z
CVE: CVE-2023-26144
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2023-26144
- https://github.com/graphql/graphql-js/issues/3955
- https://github.com/graphql/graphql-js/pull/3972
- https://github.com/graphql/graphql-js/releases/tag/v16.8.1
- https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181
- https://github.com/graphql/graphql-js/commit/8f4c64eb6a7112a929ffeef00caa67529b3f2fcf
- https://github.com/advisories/GHSA-9pv7-vfvm-6vr7
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
Note: It was not proven that this vulnerability can crash the process.
Affected versions:
["16.3.0", "16.3.0-canary.pr.3418.662180be9091ee1edf699b4cf4922bd5b7705297", "16.4.0", "16.4.0-canary.pr.2839.e3a8069cfaa6406186314b62aced6487f417a2e6", "16.5.0", "16.5.0-canary.pr.3686.d9ad8e3fd58929d38deea522d794a6b22d3244b5", "16.6.0", "16.7.0", "16.7.1", "16.8.0"]
Secure versions:
[0.0.2, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.1.11, 0.1.12, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.3.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.14, 0.4.15, 0.4.16, 0.4.17, 0.4.18, 0.5.0-beta.1, 0.5.0, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.8.0-beta1, 0.8.0-beta2, 0.8.0-beta3, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.11.5, 0.11.6, 0.11.7, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.13.0-rc.1, 0.13.0, 0.13.1, 0.13.2, 14.0.0-rc.1, 14.0.0-rc.2, 14.0.0, 14.0.1, 14.0.2, 14.1.0, 14.1.1, 14.2.0, 14.2.1, 14.3.0, 14.3.1, 14.4.0, 14.4.1, 14.4.2, 14.5.0, 14.5.1, 14.5.2, 14.5.3, 14.5.4, 14.5.5, 14.5.6, 14.5.7, 14.5.8, 15.0.0-alpha.1, 15.0.0-alpha.2, 15.0.0-rc.1, 14.6.0, 15.0.0-rc.2, 15.0.0, 15.1.0, 15.2.0, 15.3.0, 14.7.0, 15.4.0, 15.5.0, 16.0.0-alpha.1, 16.0.0-alpha.2, 16.0.0-alpha.3, 16.0.0-alpha.4, 16.0.0-alpha.5, 15.5.1, 16.0.0-rc.1, 16.0.0-rc.2, 15.5.2, 15.5.3, 15.6.0, 15.6.1, 16.0.0-rc.3, 16.0.0-rc.4, 16.0.0-rc.5, 16.0.0-rc.6, 15.7.0, 16.0.0-rc.7, 15.7.1, 15.7.2, 16.0.0, 16.0.1, 15.8.0, 16.1.0, 16.2.0, 16.3.0-canary.pr.3469.bef54ca054e29cae26d2dd974eedf2c12bca7ef4, 16.3.0-canary.pr.3469.bc0462e3d100314d7aa00049d2c15cbb58d8b3d8, 16.3.0-canary.pr.3469.8212fa925aa1a32715752030913a6e296e8c0fd3, 16.3.0-canary.pr.3479.undefined, 16.3.0-canary.pr.3480.undefined, 16.3.0-canary.pr.3481.undefined, 16.3.0-canary.pr.3482.undefined, 16.3.0-canary.pr.3483.undefined, 16.3.0-canary.pr.3484.b6999ce061b975f1c6c99c790782323b91c5eb21, 16.3.0-canary.pr.3485.d71879afe1f1411b80adcbfe33bd95ab57e7fc11, 16.3.0-canary.pr.3485.3c71ef7dd720383cba84a1637665fc18001c4f32, 16.3.0-canary.pr.3486.c8ac9896696f401b9efffa1806443732cb0a010d, 16.3.0-canary.pr.2839.7e65b1d8e7b5bf1ef1592babff40b9873198a741, 16.3.0-canary.pr.3487.8c9c7200bf3db49bf1c32055d60fdd5ea3089add, 16.3.0-canary.pr.3487.a0dcf0130ae81994df47049c9233df11516abfcd, 16.3.0-canary.pr.3488.0d90f0c792c9d223b5505d3cc0d9a8519bb2883a, 16.3.0-canary.pr.3488.9f7ad13c9ae7289c4d425698bd040d36978ff81a, 16.3.0-canary.pr.3489.568f3378cc3cf660e25d79253cc9a101ae9df4e0, 16.3.0-canary.pr.3482.e5eb0dafc74d537a1e07c6a2cc15afdc1431537f, 0.0.1-test.1, 16.3.0-canary.pr.3493.365426c363b5db8b3278d34deff0d790edcb6fdd, 16.3.0-canary.pr.3494.612fd45b42a5e2aa26d9bd72e1c89d7219620dea, 16.3.0-canary.pr.3496.43a2529cfa6890f5a11867e62c7a817d7879235d, 16.3.0-canary.pr.3482.7777ea054008ac921136cf694d64041494250def, 16.3.0-canary.pr.3497.4a0bc98371a633cf49efc236c1011ca5a955e848, 16.3.0-canary.pr.3498.5fd2797529557639476d5aa24359f97653bcbf22, 16.3.0-canary.pr.3482.6f2ec221eab5916d6d7bbfc6167256477bd35c45, 16.3.0-canary.pr.3499.ee62926bcf03d7d05ccb227cb7a67338ebab423d, 16.3.0-canary.pr.3501.1daccf7bfd7fe9ffeabb319f26aa1b9bf5133e4c, 16.3.0-canary.pr.3502.de9b8457d4a34eb544ff7b97ffacd641c913a2d1, 16.3.0-canary.pr.3494.25e1e8c8de6b13288ac61febf75d6f415f81a044, 16.3.0-canary.pr.3504.7c7b6ed1e17e6cf5e114f1a89a24d289fb969aff, 16.3.0-canary.pr.3505.9190e5ce1cc557931a15ca1f7b15586f033c8a02, 16.3.0-canary.pr.3505.b157d96d56ade071a24a1b0c71334efb9af57689, 16.3.0-canary.pr.3418.64c65ba6a2e7e923ed9a476c945f3c72da7a6c7f, 16.3.0-canary.pr.3134.aaacb12ce929a1f2899503018cc6d39a2f83ae28, 16.3.0-canary.pr.2757.7e793c133f5b9c47a1b12e98ea3a35b1b1471dc4, 16.3.0-canary.pr.2839.0f282a62cbd565b6e8682f6c1e8c49ac075ac257, 16.3.0-canary.pr.2839.f76ee8fd7af45d88a33dfc674f2a71d505d2d9b1, 16.3.0-canary.pr.2839.3405bedecf6a15ea89f64d6a86d84234a3c0cf7b, 16.3.0-canary.pr.3506.be685b29062b443b0962af292fb5c9337331db70, 16.3.0-canary.pr.2839.5c5e3621fdc4e4ee4e7f781962fe4a99319d6ac0, 16.3.0-canary.pr.2839.9c3b21ca34d760070b76424327061e6b4ad26f05, 16.3.0-canary.pr.3510.942fbd8ea3d803e74908fabecbe03dfaefe3e5c8, 16.3.0-canary.pr.3510.5099f4491dc2a35a3e4a0270a55e2a228c15f13b, 16.3.0-canary.pr.3512.a3b8b9e394ae4050a2100de2720f8b3ded0a3e41, 16.3.0-canary.pr.3514.a34e553c7cc83a21ffa73c7bf1a1932007a2606b, 16.3.0-canary.pr.3465.6c6701425310ce7f866ce71628bdf9443ae0f0af, 16.3.0-canary.pr.3518.3a63d81d7ad886f7edc3cab06fd2295b71c91bed, 16.3.0-canary.pr.3520.688c34204fb183f15a334882567d4d6d011cd234, 16.3.0-canary.pr.3521.f50bec8fecfd5aaa7e74227c5a4b9056dae9e849, 16.3.0-canary.pr.2839.aab5478afb03155d26abbee8ad8fa34841ee3be3, 16.3.0-canary.pr.2839.09322403ecf6640bfc695dab3ffe5e98f611911d, 17.0.0-alpha.1, 17.0.0-alpha.1.canary.pr.3601.9a812ce71ad05c9dc089b40129f8295ca733e108, 17.0.0-alpha.1.canary.pr.2839.db4d0cdea30214fb7bb00724b7827708ca5de8a5, 17.0.0-alpha.1.canary.pr.3658.null, 17.0.0-alpha.1.canary.pr.3659.cef660554446d49cec9a0958afb9690dd0b19193, 17.0.0-alpha.1.canary.pr.3651.57364d3f9da445b2bba520d3b886e07dc2af10e2, 17.0.0-alpha.1.canary.pr.3673.53c289997f206acd10388d6a574341c68cc1a30e, 17.0.0-alpha.1.canary.pr.3659.735abf5edacd99b712ddb40d89bd8b213640eb07, 17.0.0-alpha.1.canary.pr.3703.fce1b706e279820c9612ad3061b740b831f17672, 17.0.0-alpha.1.canary.pr.3703.9360805de6310b453b76a53431f921b44a76c2f9, 17.0.0-alpha.1.canary.pr.3703.df016a7b352e356ad0049dd81e2cd14252cec5fe, 17.0.0-alpha.1.canary.pr.3659.5dba20aef36112d13569d5f296ef967383e60d0f, 17.0.0-alpha.1.canary.pr.3361.04ab27334641e170ce0e05bc927b972991953882, 17.0.0-alpha.2, 17.0.0-alpha.2.canary.pr.3791.264f22163eb937ff87a420be9f7d45965f2cbf07, 17.0.0-alpha.2.canary.pr.3754.1564174b0dc26e0adf7ff2833716d06606b06a20, 17.0.0-alpha.2.canary.pr.3791.e6d3ec58026d75b71b7b84c3da5f376ec7eeca94, 17.0.0-alpha.2.canary.pr.3791.22288c73e61ad3ca68687546f2058561e41fcc93, 17.0.0-alpha.2.canary.pr.3911.a281faf70fee4ba1522af45cf15f41a899c723c4, 17.0.0-alpha.2.canary.pr.3937.8e773a04d8041ffc00a1550e8c6688e01ba11832, 17.0.0-alpha.2.canary.pr.3957.454033bcee41c456acce935e49e3e420b75115e4, 17.0.0-alpha.3, 16.8.1, 17.0.0-alpha.3.canary.pr.3969.83688beb16ecba5a0495158c3c2b3684730579bf, 17.0.0-alpha.3.canary.pr.3791.4a8f641106bee54f1e4a4de4bf59c49976541b00, 17.0.0-alpha.3.canary.pr.4002.b3f6af2e83280d7830b2a01265e0977b7b68e2f4, 17.0.0-alpha.3.canary.pr.4026.5922420b3b235970ee230497190e28c8290c8f16, 17.0.0-alpha.3.canary.pr.4026.5e657d31b3abdc38acd6bb21c50ed3a41aa33905, 17.0.0-alpha.3.canary.pr.4026.74aa85f56dea9ab9feb4445165eb0e2347ea674f, 17.0.0-alpha.3.canary.pr.4026.d2f30cc0780dd436b1a05aa23dfa28c83da7d033, 17.0.0-alpha.3.canary.pr.4032.4fb41fe3e1f2b4b27437138d6d7d4763c1992e7a, 17.0.0-alpha.3.canary.pr.4035.3404abc2382e32f6a3ab26f08a9ed54554678fa9, 17.0.0-alpha.3.canary.pr.4032.8bcdcea90e0a24432a78270866c27e0db6a2ae4d, 17.0.0-alpha.3.canary.pr.4026.1140ceffaf9629dd46a16d4fd28479240752f6eb, 17.0.0-alpha.3.canary.pr.4026.405885d861f562a160f9e92d0be418d819312016]
Recommendation:
Update to version 16.8.1.
241 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 16.4.0-canary.pr.2839.e3a8069cfaa6406186314b62aced6487f417a2e6 | MIT | 1 | 2022-04-27 - 18:50 | about 2 years |
| 16.6.0 | MIT | 1 | 2022-08-16 - 19:26 | over 1 year |
| 16.5.0 | MIT | 1 | 2022-05-09 - 16:32 | about 2 years |
| 16.5.0-canary.pr.3686.d9ad8e3fd58929d38deea522d794a6b22d3244b5 | MIT | 1 | 2022-08-02 - 11:35 | almost 2 years |
| 16.4.0 | MIT | 1 | 2022-04-25 - 13:31 | about 2 years |
| 16.7.1 | MIT | 1 | 2023-06-22 - 17:14 | 11 months |
| 16.8.0 | MIT | 1 | 2023-08-14 - 19:35 | 9 months |
| 16.3.0-canary.pr.3418.662180be9091ee1edf699b4cf4922bd5b7705297 | MIT | 1 | 2022-02-23 - 17:13 | about 2 years |
| 16.7.0 | MIT | 1 | 2023-06-21 - 16:35 | 11 months |
| 16.3.0 | MIT | 1 | 2022-01-26 - 16:33 | over 2 years |
| 0.1.9 | BSD-3-Clause | 2015-07-27 - 23:23 | almost 9 years | |
| 0.1.8 | BSD-3-Clause | 2015-07-23 - 22:22 | almost 9 years | |
| 0.1.11 | BSD-3-Clause | 2015-07-28 - 03:01 | almost 9 years | |
| 0.1.10 | BSD-3-Clause | 2015-07-27 - 23:37 | almost 9 years | |
| 0.1.12 | BSD-3-Clause | 2015-07-28 - 03:07 | almost 9 years | |
| 0.2.1 | BSD-3-Clause | 2015-07-31 - 02:13 | almost 9 years | |
| 0.2.2 | BSD-3-Clause | 2015-07-31 - 04:25 | almost 9 years | |
| 0.2.3 | BSD-3-Clause | 2015-08-02 - 09:22 | almost 9 years | |
| 0.2.4 | BSD-3-Clause | 2015-08-03 - 20:24 | almost 9 years | |
| 0.2.5 | BSD-3-Clause | 2015-08-06 - 17:41 | almost 9 years | |
| 0.2.6 | BSD-3-Clause | 2015-08-07 - 21:24 | almost 9 years | |
| 0.3.0 | BSD-3-Clause | 2015-08-12 - 01:36 | almost 9 years | |
| 0.4.1 | BSD-3-Clause | 2015-08-14 - 08:37 | over 8 years | |
| 0.4.2 | BSD-3-Clause | 2015-08-14 - 09:31 | over 8 years | |
| 0.1.5 | BSD-3-Clause | 2015-07-17 - 01:45 | almost 9 years | |
| 0.4.4 | BSD-3-Clause | 2015-09-14 - 19:22 | over 8 years | |
| 0.4.5 | BSD-3-Clause | 2015-10-01 - 01:49 | over 8 years | |
| 0.4.6 | BSD-3-Clause | 2015-10-02 - 03:00 | over 8 years | |
| 0.4.7 | BSD-3-Clause | 2015-10-02 - 03:18 | over 8 years | |
| 0.4.8 | BSD-3-Clause | 2015-10-21 - 00:04 | over 8 years | |
| 0.4.9 | BSD-3-Clause | 2015-10-22 - 05:56 | over 8 years | |
| 0.4.10 | BSD-3-Clause | 2015-10-27 - 02:32 | over 8 years | |
| 0.4.11 | BSD-3-Clause | 2015-10-27 - 02:58 | over 8 years | |
| 0.4.12 | BSD-3-Clause | 2015-10-27 - 04:00 | over 8 years | |
| 0.4.13 | BSD-3-Clause | 2015-11-17 - 20:14 | over 8 years | |
| 0.4.14 | BSD-3-Clause | 2015-12-01 - 08:19 | over 8 years | |
| 0.4.15 | BSD-3-Clause | 2016-02-03 - 01:18 | over 8 years | |
| 0.4.16 | BSD-3-Clause | 2016-02-03 - 06:03 | over 8 years | |
| 0.4.17 | BSD-3-Clause | 2016-02-09 - 08:27 | over 8 years | |
| 0.4.18 | BSD-3-Clause | 2016-02-18 - 01:49 | about 8 years | |
| 0.1.4 | BSD-3-Clause | 2015-07-14 - 22:22 | almost 9 years | |
| 0.5.0 | BSD-3-Clause | 2016-04-08 - 01:37 | about 8 years | |
| 0.6.0 | BSD-3-Clause | 2016-05-10 - 22:00 | about 8 years | |
| 0.6.1 | BSD-3-Clause | 2016-07-06 - 23:20 | almost 8 years | |
| 0.6.2 | BSD-3-Clause | 2016-07-21 - 21:06 | almost 8 years | |
| 0.7.0 | BSD-3-Clause | 2016-08-25 - 23:31 | over 7 years | |
| 0.7.1 | BSD-3-Clause | 2016-09-29 - 01:57 | over 7 years | |
| 0.7.2 | BSD-3-Clause | 2016-10-10 - 18:14 | over 7 years | |
| 0.8.0-beta1 | BSD-3-Clause | 2016-11-03 - 05:29 | over 7 years | |
| 0.8.0-beta2 | BSD-3-Clause | 2016-11-04 - 00:14 | over 7 years | |
| 0.8.0-beta3 | BSD-3-Clause | 2016-11-04 - 00:18 | over 7 years | |
| 0.8.0 | BSD-3-Clause | 2016-11-10 - 19:25 | over 7 years | |
| 0.8.1 | BSD-3-Clause | 2016-11-11 - 22:04 | over 7 years | |
| 0.8.2 | BSD-3-Clause | 2016-11-16 - 02:13 | over 7 years | |
| 0.9.0 | BSD-3-Clause | 2017-01-24 - 20:37 | over 7 years | |
| 0.9.1 | BSD-3-Clause | 2017-01-26 - 21:28 | over 7 years | |
| 0.9.2 | BSD-3-Clause | 2017-03-31 - 17:16 | about 7 years | |
| 0.9.3 | BSD-3-Clause | 2017-04-12 - 17:38 | about 7 years | |
| 0.9.4 | BSD-3-Clause | 2017-04-28 - 00:04 | about 7 years | |
| 0.9.5 | BSD-3-Clause | 2017-04-29 - 02:33 | about 7 years | |
| 0.9.6 | BSD-3-Clause | 2017-05-02 - 00:22 | about 7 years | |
| 0.10.0 | BSD-3-Clause | 2017-05-25 - 21:27 | almost 7 years | |
| 0.10.1 | BSD-3-Clause | 2017-05-26 - 22:19 | almost 7 years | |
| 0.10.2 | BSD-3-Clause | 2017-06-20 - 20:37 | almost 7 years | |
| 0.10.3 | BSD-3-Clause | 2017-06-20 - 21:01 | almost 7 years | |
| 0.10.4 | BSD-3-Clause | 2017-07-14 - 22:18 | almost 7 years | |
| 0.1.6 | BSD-3-Clause | 2015-07-17 - 06:02 | almost 9 years | |
| 0.11.0 | BSD-3-Clause | 2017-08-25 - 20:19 | over 6 years | |
| 0.11.1 | BSD-3-Clause | 2017-08-26 - 01:00 | over 6 years | |
| 0.11.2 | BSD-3-Clause | 2017-08-29 - 14:06 | over 6 years | |
| 0.11.3 | BSD-3-Clause | 2017-09-06 - 05:33 | over 6 years | |
| 0.11.4 | MIT | 2017-09-26 - 19:25 | over 6 years | |
| 0.11.5 | MIT | 2017-09-29 - 05:10 | over 6 years | |
| 0.11.6 | MIT | 2017-09-29 - 16:43 | over 6 years | |
| 0.11.7 | MIT | 2017-10-03 - 18:21 | over 6 years | |
| 0.12.0 | MIT | 2017-12-16 - 02:39 | over 6 years | |
| 0.12.1 | MIT | 2017-12-17 - 02:42 | over 6 years | |
| 0.12.2 | MIT | 2017-12-17 - 04:17 | over 6 years | |
| 0.12.3 | MIT | 2017-12-17 - 04:35 | over 6 years | |
| 0.13.0-rc.1 | MIT | 2018-01-29 - 22:03 | over 6 years | |
| 0.13.0 | MIT | 2018-02-07 - 19:14 | over 6 years | |
| 0.13.1 | MIT | 2018-02-15 - 22:57 | about 6 years | |
| 0.13.2 | MIT | 2018-03-16 - 20:59 | about 6 years | |
| 14.0.0-rc.1 | MIT | 2018-06-08 - 04:37 | almost 6 years | |
| 14.0.0-rc.2 | MIT | 2018-06-08 - 21:02 | almost 6 years | |
| 14.0.0 | MIT | 2018-08-30 - 17:22 | over 5 years | |
| 14.0.1 | MIT | 2018-09-06 - 21:01 | over 5 years | |
| 14.0.2 | MIT | 2018-09-06 - 21:11 | over 5 years | |
| 14.1.0 | MIT | 2019-01-15 - 23:24 | over 5 years | |
| 14.1.1 | MIT | 2019-01-16 - 19:18 | over 5 years | |
| 14.2.0 | MIT | 2019-03-26 - 19:15 | about 5 years | |
| 14.2.1 | MIT | 2019-03-31 - 12:14 | about 5 years | |
| 14.3.0 | MIT | 2019-05-07 - 10:17 | about 5 years | |
| 14.3.1 | MIT | 2019-05-23 - 17:11 | almost 5 years | |
| 14.4.0 | MIT | 2019-06-26 - 18:30 | almost 5 years | |
| 14.4.1 | MIT | 2019-06-28 - 22:36 | almost 5 years | |
| 14.4.2 | MIT | 2019-07-03 - 15:00 | almost 5 years | |
| 14.5.0 | MIT | 2019-08-22 - 11:59 | over 4 years | |
| 14.5.1 | MIT | 2019-08-23 - 16:25 | over 4 years | |
| 14.5.2 | MIT | 2019-08-23 - 22:53 | over 4 years |