| शीर्षक | Keystone KeystoneJS 2026-03-19 Denial of Service |
|---|
| विवरण | This vulnerability is patched in KeystoneJS Pull Request #9831 (https://github.com/keystonejs/keystone/pull/9831).
his vulnerability affects the relationship fields engine within the core packages, specifically the components packages/core/src/fields/types/relationship/index.ts and packages/core/src/lib/core/queries/output-field.ts.
The manipulation of nested GraphQL parameters exposes findMany resolvers without query depth limiting, query complexity analysis, or resource budgeting. This allows a remote attacker to construct a single recursive query to execute exponential database requests. The execution of such asymmetrical requests causes uncontrolled resource consumption (CWE-400), leading to database connection exhaustion, server memory saturation, and a denial of service (DoS).
|
|---|
| स्रोत | ⚠️ https://gist.github.com/nedlir/0431275665076772844ebfe5167e54f6 |
|---|
| उपयोगकर्ता | nedlir (UID 95981) |
|---|
| सबमिशन | 16/05/2026 10:55 AM (22 दिन पहले) |
|---|
| संयम | 04/06/2026 07:02 AM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 368251 [keystonejs keystone तक 20260319 GraphQL API Endpoint output-field.ts सेवा अस्वीकार] |
|---|
| अंक | 20 |
|---|