Impact
Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql
unless they are using a custom error handler.
Patches
The vulnerability has been fixed in #678 and shipped as v8.11.2.
Workarounds
Use a custom error handler.
References
See #677
For more information
If you have any questions or comments about this advisory:
Impact
Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to
/graphql
unless they are using a custom error handler.Patches
The vulnerability has been fixed in #678 and shipped as v8.11.2.
Workarounds
Use a custom error handler.
References
See #677
For more information
If you have any questions or comments about this advisory: