1233 matches found
Design/Logic Flaw
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...
CVE-2023-45812
CVE-2023-45812 affects Apollo Router (Rust). A DoS can occur when handling multi-part responses if the client uses queries with @defer or Subscriptions and the router is configured with a coprocessor level coprocessor.supergraph.response in router.yaml. The vulnerability can cause the router to p...
CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...
CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...
CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...
Apollo Router Code Issue Vulnerability
Apollo Router is a configurable, high-performance graphical router written in Rust. A code issue vulnerability exists in Apollo Router. An attacker could use this vulnerability to cause the router to panic and terminate when sending a multi-part response...
CVE-2023-30959
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction...
CVE-2023-30959
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction...
Default credentials
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction...
Palantir Apollo Cross-Site Scripting Vulnerability
Palantir is a data platform from US-based Palantir that reimagines how people use data by removing the barriers between back-end data management and front-end data analysis. A cross-site scripting vulnerability exists in Palantir Apollo, which stems from a cross-site scripting XSS vulnerability i...
CVE-2023-30959 Stored XSS via javascript URI in Apollo Change Requests comment
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction...
CVE-2023-30959 Stored XSS via javascript URI in Apollo Change Requests comment
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction...
CVE-2023-30959
CVE-2023-30959 affects Palantir Apollo: the vulnerability is a stored XSS in the Apollo change requests comments where a user-supplied javascript: URI can be rendered, triggering XSS that requires user interaction. The issue targets the change-requests comment workflow; root cause is the handling...
PT-2023-23087 · Apollo · Apollo
Name of the Vulnerable Software and Affected Versions: Apollo affected versions not specified Description: The issue allows comments added by users in Apollo change requests to contain a javascript URI link. When rendered, this link can result in a cross-site scripting XSS attack that requires us...
Apollo Router Unnamed "Subscription" operation results in Denial-of-Service
Impact This is a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when all of the following conditions are met: 1. Running Apollo Router v1.28.0, v1.28.1 or v1.29.0 "impacted versions"; and 2. The...
CVE-2023-41317
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are...
Design/Logic Flaw
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are...
CVE-2023-41317 Unnamed "Subscription" operation results in Denial-of-Service in apollographql/router
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are...
CVE-2023-41317 Unnamed "Subscription" operation results in Denial-of-Service in apollographql/router
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are...
CVE-2023-41317
Summary. CVE-2023-41317 affects Apollo Router (Rust) v1.28.0, v1.28.1, and v1.29.0, where an anonymous GraphQL subscription can trigger a DoS panic if the supergraph defines a subscription type and subscriptions are enabled in config. The vulnerability requires all four conditions to be met: impa...