CVE-2022-31173 HIGH

CVE-2022-31173: Juniper is vulnerable to DoS via GraphQL nested fragments overflow

Vendor Graphql-Rust
Product juniper
Weakness CWE-400
Published August 1, 2022
Last update April 22, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

Description

Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion when processing deeply nested GraphQL fragments, resulting in a program crash (denial of service). This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should manually limit the recursion depth of incoming queries.

Key dates

Disclosure timeline

August 1, 2022 CVE published
April 22, 2025 Record updated