1233 matches found
CVE-2025-32032 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan,...
CVE-2025-32032 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan,...
CVE-2025-32031
CVE-2025-32031 affects Apollo Gateway prior to version 2.10.1. The vulnerability stems from the GraphQL query planner, where deeply nested and reused named fragments can bypass an optimization that normally speeds query planning. This can lead to extremely long planning times and, because there i...
CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...
CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...
CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...
CVE-2025-32030
CVE-2025-32030 concerns Apollo Gateway (GraphQL federation). The vulnerability occurs prior to version 2.10.1, where queries using deeply nested and reused named fragments could trigger prohibitively expensive query planning. Specifically, named fragments were expanded once per fragment spread du...
CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named...
CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named...
CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named...
CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...
CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...
CVE-2025-31496
CVE-2025-31496 affects the Apollo Compiler (GraphQL) prior to version 1.27.0. The vulnerability arises from how deeply nested and reused named fragments are validated, where each named fragment could be processed once per fragment spread, causing exponential resource consumption and potential den...
GHSA-7MPV-9XG6-5R79 Apollo Compiler Named Fragment Processing Vulnerability
Impact Summary A vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service in applications. Details Named fragments were being processed once per...
apollo-encoder (>=0.6.0 <=0.7.0), apollo-parser (>=0.6.0 <=0.7.1) +1 more potentially affected by CVE-2025-31496 via apollo-compiler (>=0.10.0 <=0.11.0)
apollo-compiler CARGO version =0.10.0, =0.6.0, =0.6.0, =0.7.1 - apollo-smith =0.4.0 Source cves: CVE-2025-31496 Source advisory: OSV:GHSA-7MPV-9XG6-5R79...
Apollo Compiler Named Fragment Processing Vulnerability
Impact Summary A vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service in applications. Details Named fragments were being processed once per...
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Impact Summary A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...
2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +216 more potentially affected by CVE-2025-32031 via @apollo/gateway (>=0.10.4 <=2.10.0)
@apollo/gateway NPM version =0.10.4, =1.0.0, =1.0.0, =0.0.7, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2025-32031 Source advisory: OSV:GHSA-P2Q6-PWH5-M6JR...
GHSA-P2Q6-PWH5-M6JR Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Impact Summary A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...
GHSA-Q2F9-X4P4-7XMH Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Impact Summary A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details Named fragment...