EUVD-2024-2684

Malicious code in bioql PyPI...

CVE-2024-43783

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions =1.21.0 and =1.7.0 and 1.52.1 are impacted by a denial-of-service vulnerability if all of the...

GHSA-X6XQ-WHH3-GG32 Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies

Impact Instances of the Apollo Router using either of the following may be impacted by a denial-of-service vulnerability. 1. External Coprocessing with specific configurations; or 2. Native Rust Plugins accessing the Router request body in the RouterService layer Router customizations using Rhai...

Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies

Impact Instances of the Apollo Router using either of the following may be impacted by a denial-of-service vulnerability. 1. External Coprocessing with specific configurations; or 2. Native Rust Plugins accessing the Router request body in the RouterService layer Router customizations using Rhai...

CVE-2024-43783

The CVE affects Apollo Router Core. If using External Coprocessing, versions 1.21.x–1.52.0 with router.request.body enabled can load entire HTTP request bodies into memory, risking OOM. If using a Native Rust Plugin, versions 1.7.0–1.51.x that access Request.router_request and accumulate the body...

PT-2024-30653 · Apollo · Apollo Router

Name of the Vulnerable Software and Affected Versions: Apollo Router versions 1.7.0 through 1.52.0 Apollo Router versions 1.21.0 through 1.52.0 Description: The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo...