5 matches found

OSV
added 2025/10/09 2:29 p.m., 3 views

CLSA-2025-1760020147 Fix CVE(s): CVE-2025-9714

SECURITY UPDATE: uncontrolled recursion causing stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714-.patch: Add comprehensive XPath DoS protection including operation limits, recursion depth controls, and proper handling of recursive invocations to prevent stack overflows...

CVSS 6.2, AI score 6.2, EPSS 0.00011
Exploits: 0, References: 1

Cvelist
added 2025/04/07 8:48 p.m., 24 views

CVE-2025-32033 Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter...

CVSS 7.5, EPSS 0.0022
Exploits: 0, References: 3

CVE
added 2025/04/07 8:48 p.m., 49 views

CVE-2025-32033

CVE-2025-32033 affects the Apollo Router Core. The root issue is that the operation limits plugin used unsigned 32-bit counters to track limits (e.g., query height). If a counter exceeded 4,294,967,295 it could wrap to 0, unintentionally bypassing configured thresholds. This vulnerability is expl...

CVSS 7.5, AI score 7.1, EPSS 0.0022
Exploits: 0, References: 3

OSV
added 2025/04/07 6:59 p.m., 6 views

GHSA-84M6-5M72-45FP Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow

Impact. Summary: A vulnerability in Apollo Router allowed certain queries to bypass configured operation limits, specifically due to integer overflow. Details: The operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter exceeded the maxim...

CVSS 7.5, AI score 7.4, EPSS 0.0022
Exploits: 0, References: 5

Github Security Blog
added 2025/04/07 6:59 p.m., 18 views

Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow

Impact. Summary: A vulnerability in Apollo Router allowed certain queries to bypass configured operation limits, specifically due to integer overflow. Details: The operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter exceeded the maxim...

CVSS 7.5, AI score 7.4, EPSS 0.0022
Exploits: 0, References: 5, Affected Software: 1