Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
Vulnerability Description
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. Named fragments were being expanded once per fragment spread during query planning, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service. This has been remediated in @apollo/gateway version 2.10.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Apollo Federation 安全漏洞
Vulnerability Description
Apollo Federation是Apollo社区的一种以声明方式将 API 组合成统一图的架构。 Apollo Federation 2.10.1之前版本存在安全漏洞,该漏洞源于片段扩展处理不当,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A