1233 matches found
Prototype Pollution
Overview @apollo/query-planner is an Apollo Query Planner Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting operations with field...
2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +272 more potentially affected by CVE-2026-32621 via @apollo/gateway (>=0.10.4 <=2.9.3)
@apollo/gateway NPM version =0.10.4, =1.0.0, =1.0.0, =0.0.7, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2026-32621 Source advisory: OSV:GHSA-PFJJ-6F4P-RVMH...
2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +209 more potentially affected by CVE-2026-32621 via @apollo/query-planner (>=0.0.11 <=2.9.5)
@apollo/query-planner NPM version =0.0.11, =1.0.0, =0.24.2, =1.0.0, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2026-32621 Source advisory: OSV:GHSA-PFJJ-6F4P-RVMH...
EUVD-2026-12135
Apollo Federation vulnerable to prototype pollution via incomplete key sanitization...
GHSA-PFJJ-6F4P-RVMH Apollo Federation vulnerable to prototype pollution via incomplete key sanitization
Impact A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target...
Apollo Federation vulnerable to prototype pollution via incomplete key sanitization
Impact A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target...
@apollo/gateway (>=2.0.0 <=2.14.0), @dfanchon/gateway (=2.11.0) +72 more potentially affected by CVE-2026-32621 via @apollo/query-planner (>=2.10.0-alpha.0 <=2.9.5)
@apollo/query-planner NPM version =2.10.0-alpha.0, =2.0.0, =0.0.2-beta.4, =1.0.52, =1.7.3, =3.0.5, =3.0.4, =0.2.0, =0.11.46, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =8.6.7, =11.5.0 and more Source cves: CVE-2026-32621 Source advisory: SNYK:JS-APOLLOQUERYPLANNER-15612460...
Prototype Pollution
Overview @apollo/federation-internals is an Apollo Federation internal utilities Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting...
CVE-2026-32621
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
CVE-2026-32621
CVE-2026-32621 affects Apollo Federation’s gateway, with a root cause in query plan execution leading to possible pollution of Object.prototype. The advisory and CVE entry indicate the issue exists prior to fixes in versions 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, involving either crafted oper...
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
PT-2026-25379
Impact A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target...
CVE-2026-27340
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...
EUVD-2026-9613
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...
CVE-2026-27340
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...
CVE-2026-27340 WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...
CVE-2026-27340
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...
CVE-2026-27340 WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a throu...