CVE-2023-41317: Apollo Router Unnamed "Subscription" operation results in Denial-of-Service
(updated )
This is a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when all of the following conditions are met:
References
- github.com/advisories/GHSA-w8vq-3hf9-xppx
- github.com/apollographql/router
- github.com/apollographql/router/commit/b295c103dd86c57c848397d32e8094edfa8502aa
- github.com/apollographql/router/releases/tag/v1.29.1
- github.com/apollographql/router/security/advisories/GHSA-w8vq-3hf9-xppx
- nvd.nist.gov/vuln/detail/CVE-2023-41317
Code Behaviors & Features
Detect and mitigate CVE-2023-41317 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →