Lucene search
K

14 matches found

Github Security Blog
Github Security Blog
added 2026/05/04 10:22 p.m.28 views

webonyx/graphql-php has quadratic validation cost in OverlappingFieldsCanBeMerged via inline fragments

Summary OverlappingFieldsCanBeMerged validation rule has On^2 x m^2 worst case via flattened inline fragments. The CVE-2023-26144 named-fragment cache does not cover inline fragments. A 364 KB query 200 outer x 100 inner inline fragments consumes 117 seconds of CPU per request, with no comparison...

5.3CVSS6.6AI score0.01198EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2026/05/04 10:22 p.m.4 views

GHSA-FC86-6RV6-2JPM webonyx/graphql-php has quadratic validation cost in OverlappingFieldsCanBeMerged via inline fragments

Summary OverlappingFieldsCanBeMerged validation rule has On^2 x m^2 worst case via flattened inline fragments. The CVE-2023-26144 named-fragment cache does not cover inline fragments. A 364 KB query 200 outer x 100 inner inline fragments consumes 117 seconds of CPU per request, with no comparison...

7.5CVSS5.9AI score
Exploits0References9
Cvelist
Cvelist
added 2025/04/09 4:5 p.m.16 views

CVE-2025-32380 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...

7.5CVSS0.00498EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/07 8:50 p.m.6 views

CVE-2025-32034 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively...

7.5CVSS7AI score0.00477EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/07 8:50 p.m.39 views

CVE-2025-32034 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively...

7.5CVSS0.00477EPSS
Exploits0References3
CVE
CVE
added 2025/04/07 8:38 p.m.58 views

CVE-2025-32030

CVE-2025-32030 concerns Apollo Gateway (GraphQL federation). The vulnerability occurs prior to version 2.10.1, where queries using deeply nested and reused named fragments could trigger prohibitively expensive query planning. Specifically, named fragments were expanded once per fragment spread du...

7.5CVSS7AI score0.00456EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/04/07 8:34 p.m.49 views

CVE-2025-31496

CVE-2025-31496 affects the Apollo Compiler (GraphQL) prior to version 1.27.0. The vulnerability arises from how deeply nested and reused named fragments are validated, where each named fragment could be processed once per fragment spread, causing exponential resource consumption and potential den...

7.5CVSS6.9AI score0.00376EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/07 8:34 p.m.7 views

CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...

7.5CVSS6.9AI score0.00376EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/07 8:34 p.m.16 views

CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...

7.5CVSS0.00376EPSS
Exploits0References2
OSV
OSV
added 2025/04/07 7:9 p.m.5 views

GHSA-7MPV-9XG6-5R79 Apollo Compiler Named Fragment Processing Vulnerability

Impact Summary A vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service in applications. Details Named fragments were being processed once per...

7.5CVSS7.1AI score0.00376EPSS
Exploits0References4
OSV
OSV
added 2025/04/07 7:3 p.m.9 views

GHSA-Q2F9-X4P4-7XMH Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

Impact Summary A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details Named fragment...

7.5CVSS7AI score0.00456EPSS
Exploits0References5
OSV
OSV
added 2025/04/07 7:0 p.m.10 views

GHSA-3J43-9V8V-CP3F Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing

Impact Summary A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service. Details Named fragments were being processed...

7.5CVSS7AI score0.00498EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/04/07 6:57 p.m.18 views

Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

Impact Summary A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details Named fragments...

7.5CVSS7AI score0.00477EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/04/07 6:57 p.m.9 views

GHSA-75M2-JHH5-J5G2 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

Impact Summary A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details Named fragments...

7.5CVSS7AI score0.00477EPSS
Exploits0References5
Rows per page
Query Builder