Security Advisory
CVE-2024-40094
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.