CNNVD-202511-796 Information
CNNVD ID
CNNVD-202511-796
Related CVE
- CNNVD Published: 2025-11-07
Description (Chinese)
Apollo Router Core是Apollo社区的一个路由器核心应用程序。 Apollo Router Core 1.61.12-rc.0及之前版本和2.8.1-rc.0版本存在访问控制错误漏洞,该漏洞源于未强制执行重命名的访问控制指令,可能导致绕过元素级访问控制。
Description (English)
Apollo Router Core is a router core application for the community of Apollo. Apollo Router Core 1.61.12-rc.0 and previous and 2.8.1-rc.0 versions have access control bugs, which stem from the failure to enforce renamed access control instructions and may result in circumventing element-level access controls.
Hazard Level
Medium
Vulnerability Type
访问控制错误
Affected Vendor
Apollo
Published
2025-11-07
Last Modified
2026-02-24
References
https://github.com/apollographql/router/commit/78e4b20a2fc26cc5f141aa47992ed85375266a2b https://github.com/apollographql/router/security/advisories/GHSA-g8jh-vg5j-4h3f https://access.redhat.com/security/cve/cve-2025-64347
Patch
https://www.apollographql.com/docs/graphos/routing
Share on: