CNNVD-202602-592 Information
CNNVD ID
CNNVD-202602-592
Related CVE
- CNNVD Published: 2026-02-04
Description
@apollo/server is an open-source JS package from Apollo GraphQL. @apollo/server versions before 3.13.0, before 4.13.0 and before 5.4.0 contain a security vulnerability that stems from the default configuration's improper handling of requests encoded with special character sets, which may lead to a denial-of-service attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Apollo GraphQL
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/apollographql/apollo-server/security/advisories/GHSA-mp6q-xf9x-fwf7
https://github.com/apollographql/apollo-server/commit/e9d49d163a86b8a33be56ed27c494b9acd5400a4
https://github.com/apollographql/apollo-server/commit/d25a5bdc377826ad424fcf7f8d1d062055911643
https://access.redhat.com/security/cve/cve-2026-23897
Patch
https://www.apollographql.com/