3 matches found
Apollo Router Improperly Enforces Renamed Access Control Directives
Summary A vulnerability in Apollo Router allowed for unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes, and @policy that were renamed via @link imports. Router did not enforce renamed access control directives on schema...
GHSA-G8JH-VG5J-4H3F Apollo Router Improperly Enforces Renamed Access Control Directives
Summary A vulnerability in Apollo Router allowed for unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes, and @policy that were renamed via @link imports. Router did not enforce renamed access control directives on schema...
PT-2025-45381
Name of the Vulnerable Software and Affected Versions Apollo Router Core versions 1.61.12-rc.0 through 1.61.12 and 2.8.1-rc.0 through 2.8.1 Description Apollo Router Core, a Rust graph router for Apollo Federation 2, had a flaw where access control directives—specifically @authenticated,...