Vulnerability-Lookup

CVE-2023-40180 (GCVE-0-2023-40180)

Vulnerability from cvelistv5 – Published: 2023-10-16 18:05 – Updated: 2024-09-16 17:21

Title

Denial of service vulnerability in silverstripe-graphql via recursive queries

Summary

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

URL

Tags

	https://github.com/silverstripe/silverstripe-grap…	x_refsource_CONFIRM
	https://github.com/silverstripe/silverstripe-grap…	x_refsource_MISC
	https://docs.silverstripe.org/en/developer_guides…	x_refsource_MISC
	https://github.com/silverstripe/silverstripe-grap…	x_refsource_MISC
	https://www.silverstripe.org/download/security-re…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	silverstripe	silverstripe-graphql	Affected: >= 3.0.0, < 3.8.2 Affected: >= 4.0.0, < 4.1.3 Affected: >= 4.2.0, < 4.2.5 Affected: >= 4.3.0, < 4.3.4 Affected: >= 5.0.0, < 5.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:55.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
          },
          {
            "name": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
          },
          {
            "name": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
          },
          {
            "name": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
          },
          {
            "name": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40180",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T17:21:23.949970Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T17:21:39.838Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "silverstripe-graphql",
          "vendor": "silverstripe",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.8.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.1.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.2.0, \u003c 4.2.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.3.0, \u003c 4.3.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-16T18:43:50.879Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
        },
        {
          "name": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
        },
        {
          "name": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
        },
        {
          "name": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
        },
        {
          "name": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
        }
      ],
      "source": {
        "advisory": "GHSA-v23w-pppm-jh66",
        "discovery": "UNKNOWN"
      },
      "title": "Denial of service vulnerability in silverstripe-graphql via recursive queries"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-40180",
    "datePublished": "2023-10-16T18:05:14.806Z",
    "dateReserved": "2023-08-09T15:26:41.052Z",
    "dateUpdated": "2024-09-16T17:21:39.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66\", \"name\": \"https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c\", \"name\": \"https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries\", \"name\": \"https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries\", \"name\": \"https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.silverstripe.org/download/security-releases/CVE-2023-40180\", \"name\": \"https://www.silverstripe.org/download/security-releases/CVE-2023-40180\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T18:24:55.960Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-40180\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-16T17:21:23.949970Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-16T17:21:33.777Z\"}}], \"cna\": {\"title\": \"Denial of service vulnerability in silverstripe-graphql via recursive queries\", \"source\": {\"advisory\": \"GHSA-v23w-pppm-jh66\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"silverstripe\", \"product\": \"silverstripe-graphql\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 3.0.0, \u003c 3.8.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 4.0.0, \u003c 4.1.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 4.2.0, \u003c 4.2.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 4.3.0, \u003c 4.3.4\"}, {\"status\": \"affected\", \"version\": \"\u003e= 5.0.0, \u003c 5.0.3\"}]}], \"references\": [{\"url\": \"https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66\", \"name\": \"https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c\", \"name\": \"https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries\", \"name\": \"https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries\", \"name\": \"https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.silverstripe.org/download/security-releases/CVE-2023-40180\", \"name\": \"https://www.silverstripe.org/download/security-releases/CVE-2023-40180\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \" silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-10-16T18:43:50.879Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-40180\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-16T17:21:39.838Z\", \"dateReserved\": \"2023-08-09T15:26:41.052Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-10-16T18:05:14.806Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-40180

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-40180

Aliases

CVE-2023-40180

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-40180",
    "id": "GSD-2023-40180"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-40180"
      ],
      "details": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
      "id": "GSD-2023-40180",
      "modified": "2023-12-13T01:20:43.809618Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-40180",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "silverstripe-graphql",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 3.0.0, \u003c 3.8.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 4.0.0, \u003c 4.1.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 4.2.0, \u003c 4.2.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 4.3.0, \u003c 4.3.4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 5.0.0, \u003c 5.0.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "silverstripe"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-400",
                "lang": "eng",
                "value": "CWE-400: Uncontrolled Resource Consumption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
            "refsource": "MISC",
            "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
          },
          {
            "name": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
            "refsource": "MISC",
            "url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
          },
          {
            "name": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
            "refsource": "MISC",
            "url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
          },
          {
            "name": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
            "refsource": "MISC",
            "url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
          },
          {
            "name": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
            "refsource": "MISC",
            "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-v23w-pppm-jh66",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.8.2",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.3",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.5",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.4",
                "versionStartIncluding": "4.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.3",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-40180"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
            },
            {
              "name": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
            },
            {
              "name": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
              "refsource": "MISC",
              "tags": [
                "Mitigation"
              ],
              "url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
            },
            {
              "name": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
            },
            {
              "name": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-10-23T14:21Z",
      "publishedDate": "2023-10-16T19:15Z"
    }
  }
}

GHSA-V23W-PPPM-JH66

Vulnerability from github – Published: 2023-10-17 13:48 – Updated: 2023-10-17 13:48

Summary

Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries

Details

Impact

An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas.

If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk.

The fix includes some new configuration options which you might want to tweak for your project, based on your own requirements. See the documentation in the references for details.

Patches

Patched in 3.8.2, 4.1.3, 4.2.5, 4.3.4, 5.0.3

References

Reported by

Jason Nguyen from phew (https://phew.co.nz/)

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "silverstripe/graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "silverstripe/graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "silverstripe/graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0"
            },
            {
              "fixed": "4.2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "silverstripe/graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "silverstripe/graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-40180"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-17T13:48:17Z",
    "nvd_published_at": "2023-10-16T19:15:10Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nAn attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas.\n\nIf your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk.\n\nThe fix includes some new configuration options which you might want to tweak for your project, based on your own requirements. See the documentation in the references for details.\n\n### Patches\nPatched in [3.8.2](https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.8.2), [4.1.3](https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.1.3), [4.2.5](https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.2.5), [4.3.4](https://github.com/silverstripe/silverstripe-graphql/releases/tag/4.3.4), [5.0.3](https://github.com/silverstripe/silverstripe-graphql/releases/tag/5.0.3)\n\n### References\n- [CVE-2023-40180 on silverstripe.org](https://www.silverstripe.org/download/security-releases/CVE-2023-40180)\n- [Documentation about protection against recursive or complex queries for silverstripe/graphql 4.x/5.x](https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries)\n- [Documentation about protection against recursive or complex queries for silverstripe/graphql 3.x](https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries)\n\n### Reported by\nJason Nguyen from phew (https://phew.co.nz/)",
  "id": "GHSA-v23w-pppm-jh66",
  "modified": "2023-10-17T13:48:17Z",
  "published": "2023-10-17T13:48:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40180"
    },
    {
      "type": "WEB",
      "url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
    },
    {
      "type": "WEB",
      "url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2023-40180.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/silverstripe/silverstripe-graphql"
    },
    {
      "type": "WEB",
      "url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
    },
    {
      "type": "WEB",
      "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries"
}

FKIE_CVE-2023-40180

Vulnerability from fkie_nvd - Published: 2023-10-16 19:15 - Updated: 2024-11-21 08:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries	Mitigation
security-advisories@github.com	https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c	Patch
security-advisories@github.com	https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66	Third Party Advisory
security-advisories@github.com	https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries	Third Party Advisory
security-advisories@github.com	https://www.silverstripe.org/download/security-releases/CVE-2023-40180	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries	Mitigation
af854a3a-2127-422b-91ae-364da2661108	https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.silverstripe.org/download/security-releases/CVE-2023-40180	Vendor Advisory

Impacted products

Vendor	Product	Version
silverstripe	graphql	*
silverstripe	graphql	*
silverstripe	graphql	*
silverstripe	graphql	*
silverstripe	graphql	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC96AF6-9575-46F3-B73C-840E94E89FEE",
              "versionEndExcluding": "3.8.2",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A083DC-A210-4945-B575-B844777ED2D3",
              "versionEndExcluding": "4.1.3",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32A73D0-E7FA-4C45-97E7-81E64AD0DBEA",
              "versionEndExcluding": "4.2.5",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "186C5850-375C-408D-BDDC-C0726F618860",
              "versionEndExcluding": "4.3.4",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D409E4EC-38CB-43BB-91F1-C79350B5CD36",
              "versionEndExcluding": "5.0.3",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
    },
    {
      "lang": "es",
      "value": "silverstripe-graphql es un paquete que proporciona datos de Silverstripe en representaciones GraphQL. Un atacante podr\u00eda utilizar una consulta Graphql recursiva para ejecutar un ataque de Denegaci\u00f3n de Servicio Distribuido (ataque DDOS) contra un sitio web. Esto afecta principalmente a sitios web con esquemas Graphql expuestos p\u00fablicamente. Si su proyecto Silverstripe CMS no expone un esquema Graphql p\u00fablico, se requiere una cuenta de usuario para desencadenar el ataque DDOS. Si su sitio est\u00e1 alojado detr\u00e1s de una Red de Entrega de Contenido (CDN), como Imperva o CloudFlare, esto puede mitigar a\u00fan m\u00e1s el riesgo. Este problema se solucion\u00f3 en las versiones 3.8.2, 4.1.3, 4.2.5, 4.3.4 y 5.0.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
    }
  ],
  "id": "CVE-2023-40180",
  "lastModified": "2024-11-21T08:18:56.620",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-16T19:15:10.567",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation"
      ],
      "url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation"
      ],
      "url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-40180 (GCVE-0-2023-40180)

GSD-2023-40180

GHSA-V23W-PPPM-JH66

Impact

Patches

References

Reported by

FKIE_CVE-2023-40180

Tags

Sightings

Nomenclature