CVE-2023-40180: Denial of service vulnerability in silverstripe-graphql via recursive queries
First published: Mon Oct 16 2023(Updated: )
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/silverstripe/graphql | >=5.0.0<5.0.3 | 5.0.3 |
| composer/silverstripe/graphql | >=4.3.0<4.3.4 | 4.3.4 |
| composer/silverstripe/graphql | >=4.2.0<4.2.5 | 4.2.5 |
| composer/silverstripe/graphql | >=4.0.0<4.1.3 | 4.1.3 |
| composer/silverstripe/graphql | >=3.0.0<3.8.2 | 3.8.2 |
| Silverstripe Graphql | >=3.0.0<3.8.2 | |
| Silverstripe Graphql | >=4.0.0<4.1.3 | |
| Silverstripe Graphql | >=4.2.0<4.2.5 | |
| Silverstripe Graphql | >=4.3.0<4.3.4 | |
| Silverstripe Graphql | >=5.0.0<5.0.3 |
Remedy
https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66
- https://nvd.nist.gov/vuln/detail/CVE-2023-40180
- https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c
- https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml
- https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries
- https://www.silverstripe.org/download/security-releases/CVE-2023-40180
- https://github.com/advisories/GHSA-v23w-pppm-jh66 (Advisory)
Frequently Asked Questions
What is the impact of CVE-2023-40180?
An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website.
Which websites are mostly affected by CVE-2023-40180?
Websites with publicly exposed graphql schemas are mostly affected.
How can I check if my Silverstripe CMS project is affected by CVE-2023-40180?
If your Silverstripe CMS project exposes a public facing graphql schema, it may be affected.
How can I mitigate the vulnerability for Silverstripe/graphql version 5.0.0 to 5.0.3?
Update the Silverstripe/graphql package to version 5.0.3 to fix the vulnerability.
What is the severity of CVE-2023-40180?
The severity of CVE-2023-40180 is high with a CVSS score of 7.5.
- collector/github-advisory-latest
- alias/GHSA-v23w-pppm-jh66
- alias/CVE-2023-40180
- collector/nvd-index
- collector/github-advisory
- collector/nvd-api
- collector/nvd-cve
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/author
- agent/title
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- package-manager/composer
- vendor/silverstripe
- canonical/silverstripe graphql
- version/silverstripe graphql/3.0.0
- version/silverstripe graphql/4.0.0
- version/silverstripe graphql/4.2.0
- version/silverstripe graphql/4.3.0
- version/silverstripe graphql/5.0.0