51 matches found
CVE-2024-43414 Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...
CVE-2024-43414 Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...
Apollo Federation 安全漏洞
Apollo Federation is an architecture for the Apollo community to declaratively combine APIs into a unified graph. A security vulnerability exists in Apollo Federation, which stems from the fact that if @apollo/query-planner is asked to plan a sufficiently complex query, it may loop indefinitely a...
Malicious code in apollo-federation-integration-testsuite (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-32971 Defect in query plan cache may cause incorrect operations to be executed in Apollo Router
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
CVE-2024-32971 Defect in query plan cache may cause incorrect operations to be executed in Apollo Router
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
CVE-2024-32971 Defect in query plan cache may cause incorrect operations to be executed in Apollo Router
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
GHSA-R344-XW3P-2FRJ Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
Impact The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part respons...
CVE-2023-45812
CVE-2023-45812 affects Apollo Router (Rust). A DoS can occur when handling multi-part responses if the client uses queries with @defer or Subscriptions and the router is configured with a coprocessor level coprocessor.supergraph.response in router.yaml. The vulnerability can cause the router to p...
Malicious code in apollo-federation-ruby (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5201e2567b87839a5bb3c1c2dd4c7c9b275c284349ff04a9c2b348451b979206 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1057 Malicious code in apollo-federation-ruby (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5201e2567b87839a5bb3c1c2dd4c7c9b275c284349ff04a9c2b348451b979206 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...