Lucene search
K

10 matches found

Veracode
Veracode
added 2025/04/16 11:16 a.m.8 views

Denial Of Service (DoS)

@apollo/gateway is vulnerable to a Denial Of Service DoS. The vulnerability is due to inefficient query planning due to internal optimizations being bypassed when processing deeply nested and reused named fragments...

7.5CVSS6.6AI score0.00557EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/09 11:21 p.m.20 views

CVE-2025-32034

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively...

7.5CVSS6.7AI score0.00512EPSS
Exploits0References1
OSV
OSV
added 2025/04/07 8:50 p.m.18 views

CVE-2025-32034 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively...

7.5CVSS6.5AI score0.00512EPSS
Exploits0References5
CVE
CVE
added 2025/04/07 8:50 p.m.61 views

CVE-2025-32034

The CVE-2025-32034 vulnerability affects Apollo Router Core (Rust) prior to versions 1.61.2 and 2.1.1. It stems from how named fragments are expanded during query planning, causing exponential resource usage when deeply nested/reused fragments are present, potentially leading to denial of service...

7.5CVSS7AI score0.00512EPSS
Exploits0References3
OSV
OSV
added 2025/04/07 8:38 p.m.8 views

CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named...

7.5CVSS6.5AI score0.0049EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/07 8:38 p.m.11 views

CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named...

7.5CVSS7AI score0.0049EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/07 8:38 p.m.29 views

CVE-2025-32030 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named...

7.5CVSS0.0049EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/04/07 7:9 p.m.20 views

Apollo Compiler Named Fragment Processing Vulnerability

Impact Summary A vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service in applications. Details Named fragments were being processed once per...

7.5CVSS7.1AI score0.00404EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/07 7:3 p.m.12 views

Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion

Impact Summary A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. This could lead to excessive resource consumption and denial of service. Details Named fragment...

7.5CVSS7AI score0.0049EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.5 views

PT-2025-15296 · Apollo · Apollo Router Core

Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2 Apollo Router Core versions prior to 2.1.1 Description: A vulnerability in the Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan...

7.5CVSS6.3AI score0.00551EPSS
Exploits0References12
Rows per page
Query Builder