@escape.tech/graphql-armor-max-depth@2.4.1 vulnerabilities

Limit the depth allowed in a GraphQL query.

  • latest version

    2.4.2

  • latest non vulnerable version

  • first published

    3 years ago

  • latest version published

    13 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @escape.tech/graphql-armor-max-depth package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • Severity: M
    Allocation of Resources Without Limits or Throttling

    @escape.tech/graphql-armor-max-depth is a package that limits the depth allowed in a GraphQL query.

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the countDepth function. An attacker can cause excessive resource consumption by crafting queries that reuse fragments at varying depths, bypassing intended depth restrictions through fragment caching.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade @escape.tech/graphql-armor-max-depth to version 2.4.2 or higher.

    Vulnerable versions: <2.4.2
    • Severity: M
    Allocation of Resources Without Limits or Throttling

    @escape.tech/graphql-armor-max-depth is a package that limits the depth allowed in a GraphQL query.

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the countDepth function when the ignoreIntrospection configuration is enabled. An attacker can bypass query depth restrictions by crafting queries or fragments named __schema, allowing them to submit deeply nested queries that would otherwise be blocked.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade @escape.tech/graphql-armor-max-depth to version 2.4.2 or higher.

    Vulnerable versions: <2.4.2
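Both advisories above concern the same depth counter, so one added illustration serves them; it is not the package's own code but a hypothetical, simplified counter over the graphql-js AST shape, showing a flawed form with the absolute-depth fragment cache and the name-only `__schema` check beside a hardened form that caches relative depth and only skips a root-level `__schema` field. The builder helpers and sample documents are constructed for the demo.

```javascript
// Added, hypothetical depth counter over the graphql-js AST shape (kind, name.value,
// selectionSet.selections); not the package's own countDepth. A leaf field at nesting level
// n counts as depth n+1; spreads add none; inline fragments and (invalid) cycles are omitted.
const fragmentTable = doc => new Map(doc.definitions
  .filter(d => d.kind === 'FragmentDefinition').map(d => [d.name.value, d]));
// Flawed form, mirroring both advisories: the depth reached at a fragment's first spread
// site is cached as an absolute number, and any node named __schema is skipped outright.
function countDepthFlawed(doc, ignoreIntrospection) {
  const frags = fragmentTable(doc), cache = new Map();
  const depthOf = (sel, depth) => {
    const name = sel.name.value;
    if (ignoreIntrospection && name === '__schema') return 0; // matches spreads too
    if (sel.kind === 'FragmentSpread') {
      if (!cache.has(name)) cache.set(name, walk(frags.get(name).selectionSet, depth));
      return cache.get(name); // stale when the same fragment is reused deeper
    }
    return sel.selectionSet ? walk(sel.selectionSet, depth + 1) : depth + 1;
  };
  const walk = (set, depth) => Math.max(...set.selections.map(s => depthOf(s, depth)));
  return walk(doc.definitions[0].selectionSet, 0); // operation is first in the samples
}
// Fixed form: cache a fragment's depth relative to its own body and add the spread site's
// depth; skip only a root-level Field named __schema, never a fragment spread.
function countDepthFixed(doc, ignoreIntrospection) {
  const frags = fragmentTable(doc), cache = new Map();
  const depthOf = (sel, depth, root) => {
    const name = sel.name.value;
    if (sel.kind === 'FragmentSpread') {
      if (!cache.has(name)) cache.set(name, walk(frags.get(name).selectionSet, 0, false));
      return depth + cache.get(name);
    }
    if (ignoreIntrospection && root && name === '__schema') return 0;
    return sel.selectionSet ? walk(sel.selectionSet, depth + 1, false) : depth + 1;
  };
  const walk = (set, depth, root) => Math.max(...set.selections.map(s => depthOf(s, depth, root)));
  return walk(doc.definitions[0].selectionSet, 0, true);
}
// Constructed AST builders, trimmed to the node fields the counters read; operation first.
const field = (name, ...sels) => ({ kind: 'Field', name: { value: name },
  selectionSet: sels.length ? { selections: sels } : undefined });
const spread = name => ({ kind: 'FragmentSpread', name: { value: name } });
const fragment = (name, ...sels) => ({ kind: 'FragmentDefinition', name: { value: name }, selectionSet: { selections: sels } });
const makeDocument = (sels, ...frags) => ({ kind: 'Document', definitions:
  [{ kind: 'OperationDefinition', selectionSet: { selections: sels } }, ...frags] });
// Constructed samples: query { ...deep a { x { ...deep } } } and query { ...__schema },
// each fragment having the body { b { c { d } } } (depth 3 on its own).
const body = field('b', field('c', field('d')));
const reusedFragment = makeDocument([spread('deep'), field('a', field('x', spread('deep')))], fragment('deep', body));
const fragmentNamedSchema = makeDocument([spread('__schema')], fragment('__schema', body));
```

With a limit of 4, the flawed counter reports 3 for the reused-fragment document while the real depth is 5, and reports 0 for the fragment named `__schema`; the fixed counter reports 5 and 3, and still reports 0 for a genuine root-level `__schema` field when ignoreIntrospection is on.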