CVE-2024-43783
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/08/2024
Last modified:
12/09/2024
Description
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and =1.7.0 and
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:apollographql:apollo-router:*:*:*:*:*:rust:*:* | 1.7.0 (including) | 1.52.1 (excluding) |
cpe:2.3:a:apollographql:apollo_helms-charts_router:*:*:*:*:*:*:*:* | 1.7.0 (including) | 1.52.1 (excluding) |
cpe:2.3:a:apollographql:apollo_router:*:*:*:*:*:*:*:* | 1.7.0 (including) | 1.52.1 (excluding) |
References to Advisories, Solutions, and Tools
- https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14
- https://github.com/apollographql/router/releases/tag/v1.52.1
- https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32
- https://www.apollographql.com/docs/router/configuration/overview/#request-limits
- https://www.apollographql.com/docs/router/customizations/coprocessor
- https://www.apollographql.com/docs/router/customizations/native