Lucene search
K

137 matches found

CNNVD
CNNVD
added 2025/04/07 12:0 a.m.2 views

Apollo Router Core 安全漏洞

Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core that stems from a query optimization bypass that could lead to a denial of service...

7.5CVSS6.4AI score0.00513EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.4 views

PT-2025-15296 · Apollo · Apollo Router Core

Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2 Apollo Router Core versions prior to 2.1.1 Description: A vulnerability in the Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan...

7.5CVSS6.3AI score0.00513EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.4 views

PT-2025-15298 · Unknown · Apollo Router Core

Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2 Apollo Router Core versions prior to 2.1.1 Description: The issue concerns a vulnerability in the Apollo Router Core that allows queries with deeply nested and reused named fragments to be...

7.5CVSS6.2AI score0.00477EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/04/07 12:0 a.m.5 views

Apollo Router Core 安全漏洞

Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core versions prior to 1.61.2 and prior to 2.1.1, which stems from mishandling of fragment extensions and could result in a denial of service...

7.5CVSS6.4AI score0.00477EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/05 12:44 p.m.20 views

CVE-2024-43783

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions =1.21.0 and =1.7.0 and 1.52.1 are impacted by a denial-of-service vulnerability if all of the...

7.5CVSS6.5AI score0.00857EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:57 a.m.19 views

CVE-2024-28101

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.5CVSS6.8AI score0.0077EPSS
Exploits0References1
NVD
NVD
added 2024/08/27 6:15 p.m.46 views

CVE-2024-43783

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions =1.21.0 and =1.7.0 and 1.52.1 are impacted by a denial-of-service vulnerability if all of the...

7.5CVSS0.00857EPSS
Exploits1References6
NVD
NVD
added 2024/08/27 6:15 p.m.48 views

CVE-2024-43414

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...

7.5CVSS0.00988EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/08/27 6:14 p.m.20 views

Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies

Impact Instances of the Apollo Router using either of the following may be impacted by a denial-of-service vulnerability. 1. External Coprocessing with specific configurations; or 2. Native Rust Plugins accessing the Router request body in the RouterService layer Router customizations using Rhai...

7.5CVSS6.4AI score0.00857EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/08/27 6:14 p.m.12 views

GHSA-X6XQ-WHH3-GG32 Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies

Impact Instances of the Apollo Router using either of the following may be impacted by a denial-of-service vulnerability. 1. External Coprocessing with specific configurations; or 2. Native Rust Plugins accessing the Router request body in the RouterService layer Router customizations using Rhai...

8.7CVSS7.5AI score0.00857EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2024/08/27 6:14 p.m.5 views

inigo-rs (>=0.1.5 <=0.27.8) potentially affected by CVE-2024-43414 via apollo-router (=1.2.1)

apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: - inigo-rs =0.1.5, =0.27.8 Source cves: CVE-2024-43414 Source advisory: OSV:GHSA-FMJ9-77Q8-G6C4...

7.5CVSS5.8AI score0.00988EPSS
Exploits1
CVE
CVE
added 2024/08/27 5:20 p.m.59 views

CVE-2024-43414

CVE-2024-43414 affects Apollo Federation components: @apollo/query-planner (v2.0.0–=2.0.0 and &lt;2.8.5) and Apollo Router (

7.5CVSS7.5AI score0.00988EPSS
Exploits1References3Affected Software5
Cvelist
Cvelist
added 2024/08/27 5:20 p.m.61 views

CVE-2024-43414 Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...

7.5CVSS0.00988EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/08/27 5:16 p.m.45 views

CVE-2024-43783 Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions =1.21.0 and =1.7.0 and 1.52.1 are impacted by a denial-of-service vulnerability if all of the...

7.5CVSS0.00857EPSS
Exploits1References6
CVE
CVE
added 2024/08/27 5:16 p.m.63 views

CVE-2024-43783

The CVE affects Apollo Router Core. If using External Coprocessing, versions 1.21.x–1.52.0 with router.request.body enabled can load entire HTTP request bodies into memory, risking OOM. If using a Native Rust Plugin, versions 1.7.0–1.51.x that access Request.router_request and accumulate the body...

7.5CVSS7.5AI score0.00857EPSS
Exploits1References6Affected Software3
Vulnrichment
Vulnrichment
added 2024/08/27 5:16 p.m.20 views

CVE-2024-43783 Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions =1.21.0 and =1.7.0 and 1.52.1 are impacted by a denial-of-service vulnerability if all of the...

7.5CVSS6.7AI score0.00857EPSS
Exploits1References6
OSV
OSV
added 2024/08/27 5:16 p.m.25 views

CVE-2024-43783 Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions =1.21.0 and =1.7.0 and 1.52.1 are impacted by a denial-of-service vulnerability if all of the...

7.5CVSS6.5AI score0.00857EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.7 views

PT-2024-30653 · Apollo · Apollo Router

Name of the Vulnerable Software and Affected Versions: Apollo Router versions 1.7.0 through 1.52.0 Apollo Router versions 1.21.0 through 1.52.0 Description: The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo...

8.7CVSS6.8AI score0.00857EPSS
Exploits1References15
CNNVD
CNNVD
added 2024/08/27 12:0 a.m.3 views

Apollo Router Core 安全漏洞

Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core that stems from a denial-of-service vulnerability under certain circumstances...

7.5CVSS6.6AI score0.00857EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.5 views

PT-2024-30572 · Apollo · Apollo Gateway +2

Name of the Vulnerable Software and Affected Versions: @apollo/query-planner versions 2.0.0 through 2.8.4 @apollo/gateway versions 2.0.0 through 2.8.4 Apollo Router versions prior to 1.52.1 Description: The issue is a denial-of-service vulnerability that can cause the Apollo query planner to loop...

8.7CVSS6.7AI score0.00988EPSS
Exploits1References13
Rows per page
Query Builder