CVE-2024-43783: Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
Instances of the Apollo Router using either of the following may be impacted by a denial-of-service vulnerability.
- External Coprocessing with specific configurations; or
- Native Rust Plugins accessing the Router request body in the RouterService layer
Router customizations using Rhai scripts are not impacted.
References
- github.com/advisories/GHSA-x6xq-whh3-gg32
- github.com/apollographql/router
- github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14
- github.com/apollographql/router/releases/tag/v1.52.1
- github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32
- nvd.nist.gov/vuln/detail/CVE-2024-43783
Code Behaviors & Features
Detect and mitigate CVE-2024-43783 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →