What is CVE-2022-36084?

CVE-2022-36084 is a critical-severity vulnerability in Aeb-labs Cruddl, classified under Improper Neutralization of Special Elements in Data Query Logic. CVSS score: 9.9/10. Published 2022-09-08.

How severe is CVE-2022-36084?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Vulnerability in Aeb-labs Cruddl

CVE-2022-36084

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses `@flexSearchFulltext`…

EPSS: 0.010 (77.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Aeb-labs Cruddl — versions >= 3.0.0, < 3.0.2, >= 1.1.0, < 2.7.0

Weakness classification (CWE)

References

github.com/AEB-labs/cruddl/security/advisories/GHSA-qm4w-4995-vg7f (x_refsource_CONFIRM)
github.com/AEB-labs/cruddl/pull/253 (x_refsource_MISC)
github.com/AEB-labs/cruddl/commit/13b9233733ed6fc822718a07bc90a80cd3492698 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-36084?: CVE-2022-36084 is a critical-severity vulnerability in Aeb-labs Cruddl, classified under Improper Neutralization of Special Elements in Data Query Logic. CVSS score: 9.9/10. Published 2022-09-08.
How severe is CVE-2022-36084?: Critical severity. CVSS v3 base score is 9.9 out of 10.