18 matches found
CVE-2026-32621
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
CVE-2026-32621
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
CVE-2026-32621
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
CVE-2026-32621
CVE-2026-32621 affects Apollo Federation’s gateway, with a root cause in query plan execution leading to possible pollution of Object.prototype. The advisory and CVE entry indicate the issue exists prior to fixes in versions 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, involving either crafted oper...
EUVD-2024-1741
Malicious code in bioql PyPI...
EUVD-2024-33374
Malicious code in bioql PyPI...
Important: libpq
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
SUSE CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Impact Any instance of Apollo Router 1.44.0 or 1.45.0 that is using Distributed Query Plan Caching is impacted. These versions were released on 2024-04-12 and 2024-04-22 respectively. The affected versions of Apollo Router contain a bug that could lead to unexpected operations being executed, whi...
GHSA-Q9P4-HW9M-FJ2V Apollo Router vulnerable to Critical Regression In Query Plan Cache
Impact Any instance of Apollo Router 1.44.0 or 1.45.0 that is using Distributed Query Plan Caching is impacted. These versions were released on 2024-04-12 and 2024-04-22 respectively. The affected versions of Apollo Router contain a bug that could lead to unexpected operations being executed, whi...
CVE-2024-32971
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
CVE-2024-32971 Defect in query plan cache may cause incorrect operations to be executed in Apollo Router
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
CVE-2024-32971 Defect in query plan cache may cause incorrect operations to be executed in Apollo Router
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
CVE-2024-32971
CVE-2024-32971 affects Apollo Router when using distributed query plan caching. A bug in the router’s cache retrieval logic may cause an operation (query, mutation, or subscription) to execute a modified version of a previously run operation, potentially yielding unexpected results or errors. Pub...
CVE-2024-32971 Defect in query plan cache may cause incorrect operations to be executed in Apollo Router
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
PostgreSQL 9.5.x < 9.5.2 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 9.5.x prior to 9.5.2. It is, therefore, affected by multiple vulnerabilities : - A flaw exists that is triggered when a query plan is incorrectly reused for more than one ROLE within the same session. An authenticated, remote attacker can...