CVE-2023-50730

Published: Dic 22, 2023 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2023-3206 Aliases: GHSA-g56x-7j6w-g8r8

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an applications GraphQL schema would be required to construct such a query, however no knowledge of any application-specific performance or other behavioural characteristics would be needed.

Grackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an applications GraphQL schema would be required to construct such a query.

The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing.

AI Generated Translation

Grackle è un server GraphQL scritto in Scala funzionale, basato sulla stack Typelevel. La specifica GraphQL richiede che i frammenti GraphQL non formino cicli, né direttamente né indirettamente. Prima della versione 0.18.0 di Grackle, tale requisito non veniva verificato, e le query con frammenti ciclici venivano accettate per il controllo del tipo e la compilazione. La compilazione tentata di tali frammenti avrebbe causato un `StackOverflowError` JVM. Tuttavia, una conoscenza dello schema GraphQL di un’applicazione era necessaria per costruire una tale query; non era invece richiesta alcuna conoscenza delle caratteristiche di performance o altri comportamenti specifici dell’applicazione.

Grackle utilizza la libreria cats-parse per il parsing delle query GraphQL. Prima della versione 0.18.0, Grackle impiegava l’operatore `recursive` di cats-parse. Tuttavia, `recursive` non è attualmente stack-safe. `recursive` veniva usato in tre punti del parser: set di selezione annidati, valori di input annidati (liste e oggetti) e dichiarazioni di tipo lista annidate. Di conseguenza, si potevano costruire query con set di selezione, valori di input o tipi di lista profondamente annidati, sfruttando questa vulnerabilità, causando un `StackOverflowException` JVM durante il parsing. Poiché ciò avviene molto presto nel processo di parsing della query, non era richiesta alcuna conoscenza specifica dello schema GraphQL di un’applicazione per costruire una tale query.

La possibilità che query di piccole dimensioni causino overflow dello stack rappresenta una potenziale vulnerabilità di denial of service. Questo problema potrebbe interessare tutte le applicazioni che utilizzano Grackle e che hanno utenti non affidabili. Entrambi i problemi di overflow dello stack sono stati risolti nella versione v0.18.0 di Grackle. Come soluzione temporanea, gli utenti potevano inserire uno strato di sanificazione tra input non affidabili e l’elaborazione delle query di Grackle.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0052

Percentile

0,7th

Updated

EPSS Score Trend (Last 90 Days)

400

Uncontrolled Resource Consumption

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Access Control Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Bypass Protection Mechanism Other

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

770

Allocation of Resources Without Limits or Throttling

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability

Potential Impacts:

Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

Application

Grackle by Typelevel

Product Information

Vendor Typelevel

Product Grackle

Version Range Affected

To 0.18.0 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:typelevel:grackle:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/typelevel/grackle/commit/56e244b91659cf3…

Patch

https://github.com/typelevel/grackle/commit/56e244b91659cf385df590fc6c46695b6f3…

https://github.com/typelevel/grackle/releases/tag/v0.18.0

Release Notes

https://github.com/typelevel/grackle/releases/tag/v0.18.0

https://github.com/typelevel/grackle/security/advisories/GH…

Vendor Advisory

https://github.com/typelevel/grackle/security/advisories/GHSA-g56x-7j6w-g8r8

https://github.com/typelevel/grackle/commit/56e244b91659cf3…

Patch

https://github.com/typelevel/grackle/commit/56e244b91659cf385df590fc6c46695b6f3…

https://github.com/typelevel/grackle/releases/tag/v0.18.0

Release Notes

https://github.com/typelevel/grackle/releases/tag/v0.18.0

https://github.com/typelevel/grackle/security/advisories/GH…

Vendor Advisory

https://github.com/typelevel/grackle/security/advisories/GHSA-g56x-7j6w-g8r8

CVE-2023-50730

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Uncontrolled Resource Consumption

Common Consequences

Applicable Platforms

Allocation of Resources Without Limits or Throttling

Common Consequences

Applicable Platforms

Grackle by Typelevel

Product Information

Iscriviti alla newsletter