
Preface: Typical REST APIs exhibit a few issues that GraphQL can solve. One of the most prominent is over-fetching, which occurs when a client retrieves more data from the server than it actually needs. When the OpenShift Console fetches a large amount of data, it uses the chunked (paginated) list responses introduced in Kubernetes 1.9: the fetch is split into separate HTTP requests and results are displayed incrementally, which improves the responsiveness of the UI.
Background: GraphQL is a web service technology: a query language and server-side runtime for application programming interfaces (APIs) that returns to API clients exactly the data they requested. As an alternative to REST, GraphQL lets developers fetch data from multiple data sources with a single API call.
GraphQL technology is becoming the new standard for communication between front-end and back-end. Get started using GraphQL in OpenShift Console 4.6.
Vulnerability details: A denial of service (DoS) vulnerability was found in OpenShift. The flaw lets an attacker abuse GraphQL batching: because multiple queries, or the same field repeated under different aliases, can be sent within a single request, an attacker can submit one request whose query contains thousands of aliases, each of which the server resolves separately. The resulting excessive resource consumption makes the application unavailable to legitimate users.
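The alias-batching pattern described above, and a server-side guard that counts aliases before a query is executed, as an added example that is not code from OpenShift, the console project or the advisory. The field `pods { name }`, the alias budget of 50 and the helper names are assumptions; the scanner is a deliberately minimal pre-parse check (it tracks string literals, comments and parenthesis depth only) meant to sit in front of a real GraphQL validator, not to replace it.

```python
"""Alias-batching DoS payload and a pre-parse alias budget (added example)."""

# Hypothetical budget; tune per deployment from observed legitimate queries.
MAX_ALIASES = 50


def build_alias_batch_query(field: str, n: int) -> str:
    """Build one GraphQL document that requests `field` n times under distinct aliases.

    Every alias is resolved independently by the server, so one HTTP request
    turns into n resolver invocations (in the console's case, backend calls).
    The field is a constructed placeholder for any resolver that does real work.
    """
    lines = ["  a%d: %s" % (i, field) for i in range(n)]
    return "query {\n" + "\n".join(lines) + "\n}"


def count_aliases(document: str) -> int:
    """Count field aliases (`alias: field`) in a GraphQL document.

    Walks the text once, skipping string literals (including block strings)
    and `#` comments. A `Name :` pair counts as an alias only at parenthesis
    depth 0: inside `( ... )` the same shape is an argument name, a variable
    definition or an input-object field, none of which fan out resolvers.
    """
    count = 0
    depth = 0  # parenthesis nesting depth
    i = 0
    n = len(document)
    while i < n:
        c = document[i]
        if c == "#":  # comment: skip to end of line
            while i < n and document[i] != "\n":
                i += 1
        elif c == '"':  # string literal: skip it entirely
            if document.startswith('"""', i):
                end = document.find('"""', i + 3)
                i = n if end < 0 else end + 3
            else:
                i += 1
                while i < n and document[i] != '"':
                    if document[i] == "\\":
                        i += 1  # skip the escaped character
                    i += 1
                i += 1  # step past the closing quote
            continue
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
        elif c.isalpha() or c == "_":  # GraphQL Name
            j = i
            while j < n and (document[j].isalnum() or document[j] == "_"):
                j += 1
            k = j
            while k < n and document[k] in " \t\r\n,":  # commas are insignificant
                k += 1
            if depth == 0 and k < n and document[k] == ":":
                count += 1
            i = j
            continue
        i += 1
    return count


def check_alias_budget(document: str, max_aliases: int = MAX_ALIASES):
    """Return (accepted, alias_count); reject before parsing when the budget is exceeded."""
    aliases = count_aliases(document)
    return aliases <= max_aliases, aliases


if __name__ == "__main__":
    # A legitimate query with arguments, variables and one real alias passes.
    benign = 'query($ns: String!) { running: pods(namespace: $ns, meta: {k: "v"}) { name } }'
    print("benign:", check_alias_budget(benign))
    # The abusive document: thousands of aliases of the same field in one request.
    flood = build_alias_batch_query("pods { name }", 5000)
    print("flood:", check_alias_budget(flood))
```

The budget is a coarse control and should be combined with the other standard GraphQL limits (query depth and complexity, batch size per HTTP request, per-client rate limiting); a low cap on aliases blocks this particular amplification cheaply because it can be evaluated before the document is parsed or any resolver runs.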
Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-50311