22 matches found
CVE-2025-64347
Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...
CVE-2025-64173
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...
CVE-2025-64347
Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...
CVE-2025-64347 Apollo Router Improperly Enforces Renamed Access Control Directives
Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...
Apollo Router Core 访问控制错误漏洞
Apollo Router Core is a router core application for the Apollo community. An access control error vulnerability exists in Apollo Router Core versions 1.61.12-rc.0 and earlier and 2.8.1-rc.0, which stems from not enforcing renamed access control commands, which could lead to bypassing element-leve...
CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...
CVE-2025-64173
CVE-2025-64173 affects Apollo Router Core (Rust) in versions 1.61.11 and earlier and 2.0.0-alpha.0 through 2.8.1-rc.0. The vulnerability stems from incorrect handling of access control directives on interface types/fields and their implementing object types/fields, causing unauthenticated queries...
CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...
Apollo Router Core 安全漏洞
Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core versions prior to 1.61.11 and versions 2.0.0-alpha.0 through 2.8.1-rc.0, which stems from mishandling of access control commands and could lead to unauthenticated querie...
PT-2025-45381
Name of the Vulnerable Software and Affected Versions Apollo Router Core versions 1.61.12-rc.0 through 1.61.12 and 2.8.1-rc.0 through 2.8.1 Description Apollo Router Core, a Rust graph router for Apollo Federation 2, had a flaw where access control directives—specifically @authenticated,...
PT-2025-45376
Name of the Vulnerable Software and Affected Versions Apollo Router Core versions 1.61.11 and earlier Apollo Router Core versions 2.0.0-alpha.0 through 2.8.1-rc.0 Description Apollo Router Core, a configurable graph router written in Rust for Apollo Federation 2, had an access control issue. The...
EUVD-2025-10285
Malicious code in bioql PyPI...
CVE-2025-32033
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter...
Apollo Router Core 安全漏洞
Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core that stems from a query validation that could lead to resource consumption and denial of service...
CVE-2025-32033 Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter...
Apollo Router Core 安全漏洞
Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core that stems from a query optimization bypass that could lead to a denial of service...
PT-2025-15297 · Unknown · Apollo Router Core
Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2 Apollo Router Core versions prior to 2.1.1 Description: The issue arises from the operation limits plugin using unsigned 32-bit integers to track limit counters, such as a query's height. If a count...
PT-2025-15298 · Unknown · Apollo Router Core
Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2 Apollo Router Core versions prior to 2.1.1 Description: The issue concerns a vulnerability in the Apollo Router Core that allows queries with deeply nested and reused named fragments to be...
PT-2025-15296 · Apollo · Apollo Router Core
Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2 Apollo Router Core versions prior to 2.1.1 Description: A vulnerability in the Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan...
Apollo Router Core 缓冲区错误漏洞
Apollo Router Core is a router core application for the Apollo community. A buffer error vulnerability exists in Apollo Router Core versions prior to 1.61.2 and prior to 2.1.1, which stems from an operation limit counter overflow that could cause a query to bypass a threshold...