CVE-2023-45812

Summary

CVE-2023-45812 affects the Apollo Router, a high-performance graph router used for federated supergraphs in Apollo Federation. This vulnerability results in a Denial-of-Service (DoS) issue, causing the Router to panic and terminate when handling multi-part responses. This issue arises when queries contain `@defer` or Subscriptions, and the coprocessor with `coprocessor.supergraph.response` is configured in the `router.yaml`. Users running affected versions (prior to 1.33.0) are advised to upgrade to the latest version, which includes a fix for this vulnerability (PR #4014). Alternatively, users unable to upgrade should avoid using the coprocessor supergraph response or disable defer and subscriptions support.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.