Apollo Compiler Excessive Resource Consumption Vulnerability via Named Fragment Processing

Vulnerability

A denial-of-service vulnerability has been identified in the Apollo Compiler for GraphQL, affecting versions prior to 1.27.0. The issue arises in the query validation process, where a named fragment is sometimes processed again for each fragment spread that references it. With deeply nested fragments that are reused many times, this repeated processing grows exponentially with nesting depth, causing excessive load and potential service disruption in applications.
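To make the exponential behaviour concrete, the following is an added Python illustration, not code from the advisory or from apollo-compiler: it extracts the fragment-spread graph from a GraphQL document and counts how often each fragment is visited when every spread re-processes its target versus when each named fragment is processed once. The fragment chain, the regex-based extractor and the `<operation>` pseudo-root are constructed for this example.

```python
import re
# Constructed sample (not from the advisory): each fragment spreads the next
# one twice, so re-walking a fragment at every spread costs 2^depth visits.
DOCUMENT = """
query { ...F0 }
fragment F0 on Q { ...F1 ...F1 }
fragment F1 on Q { ...F2 ...F2 }
fragment F2 on Q { ...F3 ...F3 }
fragment F3 on Q { id }
"""
OP_DEF = re.compile(r"\b(?:query|mutation|subscription)\b[^{]*\{")
FRAG_DEF = re.compile(r"\bfragment\s+(\w+)\s+on\s+\w+[^{]*\{")
SPREAD = re.compile(r"\.\.\.\s*(?!on\b)(\w+)")  # named spreads only, not "... on T"

def _braced_body(text, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += (text[i] == "{") - (text[i] == "}")
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def spread_graph(document):
    """Map '<operation>' and every named fragment to the spreads in its body."""
    graph = {"<operation>": []}
    for m in OP_DEF.finditer(document):
        graph["<operation>"] += SPREAD.findall(_braced_body(document, m.end() - 1))
    for m in FRAG_DEF.finditer(document):
        graph[m.group(1)] = SPREAD.findall(_braced_body(document, m.end() - 1))
    return graph

def naive_visits(graph, root="<operation>", counts=None, depth=0):
    """Visits per fragment when each spread re-processes its target."""
    counts = {} if counts is None else counts
    if depth > len(graph):  # spec forbids fragment cycles; do not loop forever on one
        raise ValueError("fragment cycle")
    for name in graph.get(root, []):
        counts[name] = counts.get(name, 0) + 1
        naive_visits(graph, name, counts, depth + 1)
    return counts

def memoized_visits(graph, root="<operation>", seen=None):
    """Visits per fragment when each named fragment is processed only once."""
    seen = {} if seen is None else seen
    for name in graph.get(root, []):
        if name not in seen:
            seen[name] = 1
            memoized_visits(graph, name, seen)
    return seen
```

For the four-fragment chain above the per-spread strategy visits fragments 1, 2, 4 and 8 times (15 in total), while the process-once strategy visits each exactly once; adding one more level doubles the former and adds one to the latter.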

Impact

Exploitation of this vulnerability can result in excessive resource consumption, leading to a denial-of-service condition in applications using the affected version of Apollo Compiler.

Remediation

Upgrade to Apollo Compiler version 1.27.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.