graphql
cpe:2.3:a:graphql:graphql:*:*:*:*:node.js:*:*
- >= 2.4.0, < 2.4.13
- >= 2.3.0, < 2.3.21
- >= 2.2.0, < 2.2.17
- >= 2.1.0, < 2.1.15
- >= 2.0.0, < 2.0.32
- >= 1.13.0, < 1.13.24
- >= 1.12.0, < 1.12.25
- >= 1.11.5, < 1.11.11
A remote code execution vulnerability exists in the GraphQL Ruby library in versions from 1.11.5 up to, but not including, the fixed releases 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21. The issue arises when a malicious schema is loaded via 'GraphQL::Schema.from_introspection' or 'GraphQL::Schema::Loader.load'. Systems that use the 'graphql-client' gem to load external schemas through GraphQL introspection are also affected. In GitLab, the vulnerability can be exploited by any authenticated user who transfers a crafted project using the Direct Transfer feature, which is in beta and off by default for self-managed instances.
Exploitation of this vulnerability allows for arbitrary code execution on the server where the vulnerable GraphQL schema is loaded.
To reproduce this vulnerability, first enable the Direct Transfer feature on a self-managed GitLab instance. Then, load a maliciously crafted schema into a project using 'GraphQL::Schema.from_introspection' or 'GraphQL::Schema::Loader.load'. This can be done by an authenticated user through the GitLab interface.
Upgrade to GraphQL Ruby versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, or 2.3.21.
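The following Ruby script is an added example, not part of this advisory or of the graphql-ruby project, for checking whether a project's pinned graphql gem falls inside one of the affected ranges listed at the top of this record. It assumes the standard Gemfile.lock layout, where a resolved gem appears as an indented "graphql (x.y.z)" line under the GEM specs section, and uses rubygems' own Gem::Version and Gem::Requirement classes so that version comparison is done correctly rather than by string comparison. The sample lockfile embedded in it is constructed for illustration.

```ruby
# Added example: audit a Gemfile.lock against the affected graphql-ruby ranges
# from this advisory. Not part of the advisory or of graphql-ruby itself.
require "rubygems"

# Affected ranges, copied from the version list at the top of this record.
AFFECTED_RANGES = [
  ">= 2.4.0, < 2.4.13",
  ">= 2.3.0, < 2.3.21",
  ">= 2.2.0, < 2.2.17",
  ">= 2.1.0, < 2.1.15",
  ">= 2.0.0, < 2.0.32",
  ">= 1.13.0, < 1.13.24",
  ">= 1.12.0, < 1.12.25",
  ">= 1.11.5, < 1.11.11",
].freeze

# Turn ">= a, < b" into a Gem::Requirement so rubygems performs the comparison
# (multi-segment and prerelease versions are handled, unlike string comparison).
def requirement_for(range)
  Gem::Requirement.new(range.split(",").map(&:strip))
end

# Returns the affected range string the version falls into, or nil if it is
# outside every affected range.
def affected_range_for(version_string)
  version = Gem::Version.new(version_string)
  AFFECTED_RANGES.find { |range| requirement_for(range).satisfied_by?(version) }
end

# Extract the resolved version of a gem from Gemfile.lock text. Resolved entries
# sit at exactly four spaces of indentation, e.g. "    graphql (2.3.10)";
# dependency lines under another gem are indented deeper and are skipped.
def locked_version(lockfile_text, gem_name)
  match = lockfile_text.match(/^\s{4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)\s*$/)
  match && match[1]
end

# Audit the lockfile. graphql-client is reported too, because the advisory notes
# that loading external schemas through it exercises the same vulnerable code,
# so a vulnerable graphql pin matters even when graphql-client is the direct dependency.
def audit_lockfile(lockfile_text)
  version = locked_version(lockfile_text, "graphql")
  return { gem: "graphql", version: nil, affected: false, range: nil, uses_graphql_client: false } unless version

  range = affected_range_for(version)
  {
    gem: "graphql",
    version: version,
    affected: !range.nil?,
    range: range,
    uses_graphql_client: !locked_version(lockfile_text, "graphql-client").nil?,
  }
end

# Constructed sample lockfile (hypothetical project, not from any real repository).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      graphql (2.3.10)
        base64
      graphql-client (0.23.0)
        activesupport (>= 3.0)
        graphql (>= 1.13.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    graphql-client
LOCK

if __FILE__ == $PROGRAM_NAME
  result = audit_lockfile(SAMPLE_LOCKFILE)
  if result[:affected]
    puts "graphql #{result[:version]} is in affected range #{result[:range]}; upgrade to the fixed release"
  else
    puts "graphql #{result[:version] || 'not locked'} is not in an affected range"
  end
end
```

To run it against a real project, replace SAMPLE_LOCKFILE with File.read("Gemfile.lock"). The ranges are kept as plain strings so they can be diffed against the advisory text; if the advisory's range list and its fixed-version sentence disagree for a branch, the range list is what this check enforces.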