3 matches found
CVE-2025-32030
CVE-2025-32030 concerns Apollo Gateway (GraphQL federation). The vulnerability occurs prior to version 2.10.1, where queries using deeply nested and reused named fragments could trigger prohibitively expensive query planning. Specifically, named fragments were expanded once per fragment spread du...
CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named...
2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +217 more potentially affected by CVE-2025-32030 via @apollo/gateway (>=0.10.4 <=2.10.0)
@apollo/gateway NPM version =0.10.4, =1.0.0, =1.0.0, =0.0.7, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2025-32030 Source advisory: OSV:GHSA-Q2F9-X4P4-7XMH...