97 matches found
CVE-2025-32031
CVE-2025-32031 affects Apollo Gateway prior to version 2.10.1. The vulnerability stems from the GraphQL query planner, where deeply nested and reused named fragments can bypass an optimization that normally speeds query planning. This can lead to extremely long planning times and, because there i...
CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...
CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...
CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...
GHSA-P2Q6-PWH5-M6JR Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Impact Summary A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...
GHSA-94HH-JMQ8-2FGP Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Impact Summary A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Impact Summary A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...
PT-2025-15296 · Apollo · Apollo Router Core
Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2 Apollo Router Core versions prior to 2.1.1 Description: A vulnerability in the Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan...
CVE-2024-43414
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...
Uncontrolled Recursion
@apollo/gateway and @apollo/query-planner are vulnerable to Uncontrolled Recursion. The vulnerability is due to the query planner potentially entering an infinite loop when processing sufficiently complex queries, leading to unbounded memory consumption and possible system crashes...
CVE-2024-43414
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
Impact Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1 are also impacted through their use of @apollo/query-planner. If @apollo/query-planner is asked to plan a sufficiently complex query, it may loop infinitely and never complete. This results in unbounded...
GHSA-FMJ9-77Q8-G6C4 Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
Impact Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1 are also impacted through their use of @apollo/query-planner. If @apollo/query-planner is asked to plan a sufficiently complex query, it may loop infinitely and never complete. This results in unbounded...
@apollo/gateway (>=2.0.0 <=2.14.0), @dfanchon/gateway (=2.11.0) +68 more potentially affected by CVE-2024-43414 via @apollo/query-planner (>=2.10.0-alpha.0 <=2.8.4)
@apollo/query-planner NPM version =2.10.0-alpha.0, =2.0.0, =0.0.2-beta.4, =1.0.52, =1.7.3, =3.0.5, =3.0.4, =0.2.0, =0.11.46, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =8.6.7, =11.5.0 and more Source cves: CVE-2024-43414 Source advisory: OSV:GHSA-FMJ9-77Q8-G6C4...
CVE-2024-43414 Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...
CVE-2024-43414
CVE-2024-43414 affects Apollo Federation components: @apollo/query-planner (v2.0.0–=2.0.0 and <2.8.5) and Apollo Router (
CVE-2024-43414 Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...
CVE-2024-43414 Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...
Apollo Federation 安全漏洞
Apollo Federation is an architecture for the Apollo community to declaratively combine APIs into a unified graph. A security vulnerability exists in Apollo Federation, which stems from the fact that if @apollo/query-planner is asked to plan a sufficiently complex query, it may loop indefinitely a...
PT-2024-30572 · Apollo · Apollo Gateway +2
Name of the Vulnerable Software and Affected Versions: @apollo/query-planner versions 2.0.0 through 2.8.4 @apollo/gateway versions 2.0.0 through 2.8.4 Apollo Router versions prior to 1.52.1 Description: The issue is a denial-of-service vulnerability that can cause the Apollo query planner to loop...