birkir Prime Denial-of-Service Vulnerability in GraphQL Directive Handler
Vulnerability
A denial-of-service vulnerability has been identified in birkir prime versions up to and including 0.4.0.beta.0. The issue arises in the GraphQL Directive Handler, specifically within an unknown function of the file '/graphql'. The vulnerability can be exploited remotely: an attacker can manipulate the GraphQL directives in a request so that the server overloads itself, potentially exhausting its computing resources. The problem has been publicly disclosed, and the project maintainers have not yet responded to reports about the issue.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to become unresponsive or unavailable.
Reproduction
The vulnerability can be reproduced by sending a GraphQL query that includes the same directive multiple times at the same location. This can be done with a tool such as curl by posting a request to the '/graphql' endpoint whose query overloads the server with repeated directives.
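A gateway-side guard for the pattern described above, added here as an example and not code from the prime project: it rejects a document that repeats one directive at a single location (which the GraphQL specification already forbids) and caps the total number of directives before the request reaches the executor. The function names, the `maxTotal` budget and the sample queries are assumptions.

```javascript
// Added example, not code from the prime project: reject a GraphQL document
// that repeats a directive at one location, and cap the directive count.
// Blank out string literals and comments so a '@' inside them is not counted.
function stripLiterals(query) {
  return query
    .replace(/"""[\s\S]*?"""/g, '""')       // block strings
    .replace(/"(?:\\.|[^"\\\n])*"/g, '""')  // ordinary strings
    .replace(/#[^\n]*/g, '');               // comments
}
// Group directives by location: a run of consecutive '@name(...)' tokens
// belongs to the element (field, fragment, operation) that precedes it.
function directiveLocations(query) {
  const src = stripLiterals(query);
  const directive = /@([_A-Za-z][_0-9A-Za-z]*)/y;  // sticky: match only at lastIndex
  const locations = []; let run = []; let i = 0;
  while (i < src.length) {
    directive.lastIndex = i;
    const m = directive.exec(src);
    // Any non-directive token ends the current run of directives.
    if (!m) { if (run.length) { locations.push(run); run = []; } i++; continue; }
    run.push(m[1]);
    i += m[0].length;
    while (i < src.length && /\s/.test(src[i])) i++;
    if (src[i] === '(') {                   // skip the (possibly nested) argument list
      let depth = 0;
      do { depth += src[i] === '(' ? 1 : src[i] === ')' ? -1 : 0; i++; } while (i < src.length && depth > 0);
    }
    while (i < src.length && /\s/.test(src[i])) i++;
  }
  if (run.length) locations.push(run);
  return locations;
}
// Directives declared @repeatable in a schema would need an allowlist here.
function checkDirectives(query, { maxTotal = 50 } = {}) {
  const locations = directiveLocations(query);
  const total = locations.reduce((n, loc) => n + loc.length, 0);
  if (total > maxTotal) return { ok: false, reason: `too many directives: ${total} > ${maxTotal}` };
  for (const loc of locations) {
    const seen = new Set();
    for (const name of loc) {
      if (seen.has(name)) return { ok: false, reason: `directive @${name} repeated at one location` };
      seen.add(name);
    }
  }
  return { ok: true, reason: null };
}
// Constructed sample requests (not taken from the advisory).
const GOOD_QUERY = 'query Q($f: Boolean!) { a @include(if: $f) @skip(if: false, reason: "@x") { b } # @skip\n}';
const DUP_QUERY = '{ a @skip(if: false) @skip(if: false) @skip(if: false) { b } }';
```

Running `checkDirectives` on each incoming body before handing it to the GraphQL executor turns the repeated-directive request into a cheap early rejection that can also be logged for detection.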