Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-26144 PoC — GraphQL.js 资源管理错误漏洞

Source
https://github.com/tadhglewis/apollo-koa-minimal
Associated Vulnerability
Title:GraphQL.js 资源管理错误漏洞 (CVE-2023-26144)
Description:GraphQL.js是GraphQL开源的一个 JavaScript 的 GraphQL 参考实现。 GraphQL.js 16.3.0到16.8.1版本存在安全漏洞,该漏洞源于在解析大型查询时 OverlappingFieldsCanBeMergedRule.ts 文件中检查不足,容易受到拒绝服务 (DoS) 攻击。
Description
GraphQL vulnerability disclosure: CVE-2023-26144
Readme
[CVE-2023-26144](https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181)
File Snapshot

 [4.0K]  /data/pocs/101211fa1767ebee66bef10876724a950be91ee9
├── [ 762]  graphql-js.mjs
├── [1.8K]  index.mjs
├── [ 426]  package.json
├── [ 39K]  pnpm-lock.yaml
└── [  72]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.