{"id":"CVE-2024-40094","details":"GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions.","aliases":["GHSA-h9mq-f6q5-6c8m"],"modified":"2026-04-10T05:14:43.851181Z","published":"2024-07-30T07:15:01.840Z","related":["CGA-wc6c-w59g-7f77"],"references":[{"type":"WEB","url":"https://github.com/graphql-java/graphql-java/discussions/3641"},{"type":"WEB","url":"https://github.com/graphql-java/graphql-java/releases/tag/v19.11"},{"type":"WEB","url":"https://github.com/graphql-java/graphql-java/releases/tag/v20.9"},{"type":"WEB","url":"https://github.com/graphql-java/graphql-java/releases/tag/v21.5"},{"type":"FIX","url":"https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a"},{"type":"FIX","url":"https://github.com/graphql-java/graphql-java/pull/3539"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/graphql-java/graphql-java","events":[{"introduced":"0"},{"fixed":"25667a13e528a2b2c4fa372b363ffbb00184316a"},{"fixed":"97743bc1b5caa2b0bd894dc8e128b47e4d771e4a"},{"fixed":"16c159111507ef04d7e1839b2c23281d90c42b2b"},{"fixed":"d3a8540de4951a3b6121e2fc4e8b86151b3053a0"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"21.5"}]}}],"versions":["12.0","v1.0","v1.2","v1.3","v10.0","v11.0","v12.0","v13.0","v14.0","v15.0","v16.0","v16.1","v16.2","v17.0","v17.0-beta1","v17.0.0-beta1","v17.2","v17.3","v18.0","v18.1","v19.0","v19.1","v19.10","v19.2","v19.3","v19.4","v19.5","v19.6","v19.7","v19.8","v19.9","v2.0.0","v2.1.0","v2.2.0","v2.3.0","v2.4.0","v20.0","v20.1","v20.2","v20.3","v20.4","v20.5","v20.6","v20.7","v20.8","v21.0","v21.1","v21.2","v21.3","v21.4","v3.0.0","v4.0","v5.0","v6.0","v7.0","v8.0","v9.0","v9.1","v9.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40094.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}