What is the severity of CVE-2024-40094?

CVE-2024-40094 has been assessed as a denial of service vulnerability affecting versions of GraphQL Java prior to 21.5.

How do I fix CVE-2024-40094?

To remediate CVE-2024-40094, upgrade GraphQL Java to version 21.5, 20.9, or 19.11.

Which versions of GraphQL Java are affected by CVE-2024-40094?

CVE-2024-40094 affects versions of GraphQL Java before 21.5, including 20.0 to 20.9 and all versions prior to 19.11.

Is there a workaround for CVE-2024-40094?

No specific workarounds are mentioned for CVE-2024-40094, and the recommended action is to update to the fixed versions.

What is the impact of CVE-2024-40094?

The impact of CVE-2024-40094 is a potential denial of service via introspection queries that can overload the server handling such requests.

Vulnerability/
CVE-2024-40094

high

7.5

CWE

770

30/7/2024

4/2/2025

CVE-2024-40094

First published: Tue Jul 30 2024(Updated: )

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
maven/com.graphql-java:graphql-java	>=21.0<21.5	21.5
maven/com.graphql-java:graphql-java	>=20.0<20.9	20.9
maven/com.graphql-java:graphql-java	<19.11	19.11

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7182403

Frequently Asked Questions

What is the severity of CVE-2024-40094?
CVE-2024-40094 has been assessed as a denial of service vulnerability affecting versions of GraphQL Java prior to 21.5.
How do I fix CVE-2024-40094?
To remediate CVE-2024-40094, upgrade GraphQL Java to version 21.5, 20.9, or 19.11.
Which versions of GraphQL Java are affected by CVE-2024-40094?
CVE-2024-40094 affects versions of GraphQL Java before 21.5, including 20.0 to 20.9 and all versions prior to 19.11.
Is there a workaround for CVE-2024-40094?
No specific workarounds are mentioned for CVE-2024-40094, and the recommended action is to update to the fixed versions.
What is the impact of CVE-2024-40094?
The impact of CVE-2024-40094 is a potential denial of service via introspection queries that can overload the server handling such requests.

agent/type
agent/first-publish-date
collector/nvd-api
source/NVD
agent/softwarecombine
agent/weakness
collector/nvd-cve
agent/author
collector/github-advisory-latest
source/GitHub
alias/GHSA-h9mq-f6q5-6c8m
alias/CVE-2024-40094
agent/software-canonical-lookup
collector/github-advisory
agent/severity
agent/description
agent/event
collector/mitre-cve
source/MITRE
agent/trending
agent/source
collector/redhat-bugzilla
source/Red Hat
agent/references
agent/last-modified-date
agent/tags
collector/ibm-support
source/IBM
package-manager/maven

Frequently Asked Questions

What is the severity of CVE-2024-40094?
CVE-2024-40094 has been assessed as a denial of service vulnerability affecting versions of GraphQL Java prior to 21.5.
How do I fix CVE-2024-40094?
To remediate CVE-2024-40094, upgrade GraphQL Java to version 21.5, 20.9, or 19.11.
Which versions of GraphQL Java are affected by CVE-2024-40094?
CVE-2024-40094 affects versions of GraphQL Java before 21.5, including 20.0 to 20.9 and all versions prior to 19.11.
Is there a workaround for CVE-2024-40094?
No specific workarounds are mentioned for CVE-2024-40094, and the recommended action is to update to the fixed versions.
What is the impact of CVE-2024-40094?
The impact of CVE-2024-40094 is a potential denial of service via introspection queries that can overload the server handling such requests.

CVE-2024-40094

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2024-40094?

How do I fix CVE-2024-40094?

Which versions of GraphQL Java are affected by CVE-2024-40094?

Is there a workaround for CVE-2024-40094?

What is the impact of CVE-2024-40094?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-40094?

How do I fix CVE-2024-40094?

Which versions of GraphQL Java are affected by CVE-2024-40094?

Is there a workaround for CVE-2024-40094?

What is the impact of CVE-2024-40094?