CNNVD-202511-486 Information
CNNVD ID
CNNVD-202511-486
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
Apollo Router Core是Apollo社区的一个路由器核心应用程序。 Apollo Router Core 1.61.11之前版本和2.0.0-alpha.0版本至2.8.1-rc.0版本存在安全漏洞,该漏洞源于访问控制指令处理不当,可能导致未经验证的查询访问受限数据。
Description (English)
Apollo Router Core is a router core application for the community of Apollo. Prior to Apollo Router Core 1.61.11 and from 2.0.0-alpha.0 to 2.8.1-rc.0, there is a security loophole, which stems from inadequate handling of access control instructions and may lead to unverified access to restricted data.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Apollo
Published
2025-11-06
Last Modified
2026-02-24
References
https://github.com/apollographql/router/releases/tag/v2.8.1 https://github.com/apollographql/router/security/advisories/GHSA-x33c-7c2v-mrj9 https://www.apollographql.com/docs/graphos/routing/security/authorization#authorization-directives
Patch
https://github.com/apollographql/router/releases
Share on: