CVE-2021-43801

Published: Dic 13, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-2420 Aliases: GHSA-273r-rm8g-7f3x
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial

Description

AI Translation Available

Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0037
Percentile
0,6th
Updated

EPSS Score Trend (Last 91 Days)

754

Improper Check for Unusual or Exceptional Conditions

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability
Potential Impacts:
Dos: Crash, Exit, Or Restart Unexpected State
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
Application

Mercurius by Mercurius Project

Product Information
Vendor Mercurius Project
Product Mercurius
Version Range Affected
From 8.10.0 (inclusive)
To 8.11.2 (exclusive)
cpe:2.3:a:mercurius_project:mercurius:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/mercurius-js/mercurius/issues/677
Issue Tracking Patch Third Party Advisory
https://github.com/mercurius-js/mercurius/issues/677
https://github.com/mercurius-js/mercurius/pull/678/commits/…
Patch Third Party Advisory
https://github.com/mercurius-js/mercurius/pull/678/commits/732b2f895312da8deadd…
https://github.com/mercurius-js/mercurius/security/advisori…
Patch Third Party Advisory
https://github.com/mercurius-js/mercurius/security/advisories/GHSA-273r-rm8g-7f…
https://github.com/mercurius-js/mercurius/issues/677
Issue Tracking Patch Third Party Advisory
https://github.com/mercurius-js/mercurius/issues/677
https://github.com/mercurius-js/mercurius/pull/678/commits/…
Patch Third Party Advisory
https://github.com/mercurius-js/mercurius/pull/678/commits/732b2f895312da8deadd…
https://github.com/mercurius-js/mercurius/security/advisori…
Patch Third Party Advisory
https://github.com/mercurius-js/mercurius/security/advisories/GHSA-273r-rm8g-7f…