Uncaught Exception
CVE-2023-22477
Summary
Mercurius is a GraphQL adapter for Fastify. All users of Mercurius versions through 8.13.1 and 9.0.0 through 11.4.0 are subject to a denial of service attack: a malformed packet sent over WebSocket to "/graphql" triggers an uncaught exception. This issue was patched in #940. As a workaround, users can disable subscriptions.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-248 - Uncaught Exception
An exception is thrown from a function, but it is not caught.
References
Advisory Timeline
- Published