
8 matches found

RedhatCVE
added 2025/11/08 6:51 p.m. | 3 views

CVE-2025-64347

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVSS 7.5 | AI score 6.8 | EPSS 0.00062
Exploits 0 | References 1

NVD
added 2025/11/07 6:15 p.m. | 2 views

CVE-2025-64347

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVSS 7.5 | EPSS 0.00062
Exploits 0 | References 2

OSV
added 2025/11/07 5:47 p.m. | 2 views

CVE-2025-64347 Apollo Router Improperly Enforces Renamed Access Control Directives

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVSS 7.5 | AI score 6.8 | EPSS 0.00062
Exploits 0 | References 4

Vulnrichment
added 2025/11/07 5:47 p.m. | 2 views

CVE-2025-64347 Apollo Router Improperly Enforces Renamed Access Control Directives

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVSS 7.5 | AI score 6.3 | EPSS 0.00062
Exploits 0 | References 2

CVE
added 2025/11/07 5:47 p.m. | 14 views

CVE-2025-64347

CVE-2025-64347 concerns Apollo Router Core. Affected: Router Core with Apollo Federation 2, specifically versions 1.61.12-rc.0 and below, and 2.8.1-rc.0 and below. Root cause: access control directives renamed via @link imports were not enforced on renamed schema elements (e.g., fields and types)...

CVSS 7.5 | AI score 6.3 | EPSS 0.00062
Exploits 0 | References 2

Github Security Blog
added 2025/11/06 3:45 p.m. | 4 views

Apollo Router Improperly Enforces Renamed Access Control Directives

Summary: A vulnerability in Apollo Router allowed for unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes, and @policy that were renamed via @link imports. Router did not enforce renamed access control directives on schema...

CVSS 7.5 | AI score 6.9 | EPSS 0.00062
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus
added 2023/05/16 12:0 a.m. | 37 views

FreeBSD : postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes (fbb5a260-f00f-11ed-bbae-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fbb5a260-f00f-11ed-bbae-6cc21735f730 advisory. - CREATE SCHEMA ... schema_element defeats protective search_path changes more details CVE-2023-2454 Note...

CVSS 7.2 | AI score 7 | EPSS 0.00276
Exploits 0 | References 3

FreeBSD
added 2023/05/11 12:0 a.m. | 46 views

postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes

PostgreSQL Project reports: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users...

CVSS 7.2 | AI score 8 | EPSS 0.00276
Exploits 0 | References 1