CVE-2024-50311 MEDIUM

CVE-2024-50311: Graphql: denial of service (dos) vulnerability via graphql batching

Weakness CWE-770 · Uncontrolled resource consumption
Published October 22, 2024
Last update November 20, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users.

Key dates

02Disclosure timeline

October 22, 2024 CVE published
November 20, 2025 Record updated