Security Advisory

CVE-2023-22477

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-01-09 14:12:24

Last updated 2025-03-10 21:31:05

Assigner GitHub_M

State PUBLISHED

Description

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can disable subscriptions.

← Browse all CVEs View on cve.org ↗