CNNVD-202511-1675 Information

CNNVD ID

CNNVD-202511-1675

Related CVE

CVE-2025-64530

• CNNVD Published: 2025-11-13

Description (Chinese)

Apollo Federation是Apollo社区的一种以声明方式将 API 组合成统一图的架构。 Apollo Federation 2.9.5之前版本、2.10.4之前版本、2.11.5之前版本和2.12.1之前版本存在安全漏洞，该漏洞源于组合逻辑存在缺陷，可能导致绕过访问控制。

Description (English)

Apollo Federation is a framework for the community of Apollo as well as for the integration of API into a unified map. There is a security loophole in previous versions of Apollo Federal 2.9.5, 2.10.4, 2.11.5 and 2.12.1, which stems from shortcomings in the combination logic and may lead to circumvention of access controls.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Apollo

Published

2025-11-13

Last Modified

2026-02-24

References

https://github.com/apollographql/federation/security/advisories/GHSA-mx7m-j9xf-62hw https://access.redhat.com/security/cve/cve-2025-64530

Patch

https://github.com/apollographql/federation/releases