
5 matches found

RedhatCVE
added 2025/04/09 11:18 p.m., 14 views

CVE-2025-32033

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter...

CVSS 7.5, AI score 6.8, EPSS 0.0022
Exploits: 0, References: 1
Cvelist
added 2025/04/09 4:5 p.m., 13 views

CVE-2025-32380 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...

CVSS 7.5, EPSS 0.00728
Exploits: 0, References: 3
Cvelist
added 2025/04/07 8:48 p.m., 27 views

CVE-2025-32033 Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter...

CVSS 7.5, EPSS 0.0022
Exploits: 0, References: 3
CNNVD
added 2025/04/07 12:0 a.m., 1 view

Apollo Router Core Buffer Error Vulnerability

Apollo Router Core is a router core application for the Apollo community. A buffer error vulnerability exists in Apollo Router Core versions prior to 1.61.2 and prior to 2.1.1, which stems from an operation limit counter overflow that could cause a query to bypass a threshold...

CVSS 7.5, AI score 6.8, EPSS 0.0022
Exploits: 0, References: 4
CNNVD
added 2025/04/07 12:0 a.m., 1 view

Apollo Router Core Security Vulnerability

Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core versions prior to 1.61.2 and prior to 2.1.1, which stems from mishandling of fragment extensions and could result in a denial of service...

CVSS 7.5, AI score 6.4, EPSS 0.00456
Exploits: 0, References: 4