22 matches found
Prototype Pollution
Overview @apollo/gateway is a library exporting utility functions. Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting operations wi...
Prototype Pollution
Overview @apollo/query-planner is an Apollo Query Planner Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting operations with field...
Prototype Pollution
Overview @apollo/federation-internals is an Apollo Federation internal utilities Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting...
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
PT-2026-25379
Name of the Vulnerable Software and Affected Versions Apollo Federation versions prior to 2.9.6 Apollo Federation versions prior to 2.10.5 Apollo Federation versions prior to 2.11.6 Apollo Federation versions prior to 2.12.3 Apollo Federation versions prior to 2.13.2 Description Apollo Federation...
Needles in a Haystack: Using Forensic Network Science to Uncover Insider Trading
Although the automation and digitisation of anti-financial crime investigation has made significant progress in recent years, detecting insider trading remains a unique challenge, partly due to the limited availability of labelled data. To address this challenge, we propose using a data-driven...
PROVEX: Enhancing SOC Analyst Trust with Explainable Provenance-Based IDS
Modern intrusion detection systems IDS leverage graph neural networks GNNs to detect malicious activity in system provenance data, but their decisions often remain a black box to analysts. This paper presents a comprehensive XAI framework designed to bridge the trust gap in Security Operations...
Apollo Federation has Improper Enforcement of Access Control on Transitive Fields
Summary A vulnerability in Apollo Federation's composition logic did not enforce that fields depending on protected data through @requires and/or @fromContext directives have the same access control requirements as the fields they reference. This allowed queries to access protected fields...
Bridging Semantics and Structure for Software Vulnerability Detection Using Hybrid Network Models
Software vulnerabilities remain a persistent risk, yet static and dynamic analyses often overlook structural dependencies that shape insecure behaviors. Viewing programs as heterogeneous graphs, we capture control- and data-flow relations as complex interaction networks. Our hybrid framework...
Federated Spatiotemporal Graph Learning for Passive Attack Detection in Smart Grids
Smart grids are exposed to passive eavesdropping, where attackers listen silently to communication links. Although no data is actively altered, such reconnaissance can reveal grid topology, consumption patterns, and operational behavior, creating a gateway to more severe targeted attacks. Detecti...
Malicious code in matic-root-subgraphs (npm)
The package matic-root-subgraphs was found to contain malicious code...
MAL-2025-26011 Malicious code in matic-root-subgraphs (npm)
The package matic-root-subgraphs was found to contain malicious code...
Correlating Account on Ethereum Mixing Service Via Domain-Invariant Feature Learning
The untraceability of transactions facilitated by Ethereum mixing services like Tornado Cash poses significant challenges to blockchain security and financial regulation. Existing methods for correlating mixing accounts suffer from limited labeled data and vulnerability to noisy annotations, whic...
Malicious code in matic-child-subgraphs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 085980a7e031404b3267eff3f19584b087b5ce5329ce9fa17265b00ef3ea2f9a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-206 Malicious code in matic-child-subgraphs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 085980a7e031404b3267eff3f19584b087b5ce5329ce9fa17265b00ef3ea2f9a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-43414 Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...
SUSE CVE-2021-29591
TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be...
GHSA-CWV3-863G-39VX Stack overflow due to looping TFLite subgraph
Impact TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be replaced by stack overflow due to too many recursive calls. For...
PYSEC-2021-519
TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be...
PYSEC-2021-717
TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be...