Vulnerability	Vulnerable Version
C Prototype Pollution @apollo/federation-internals is an Apollo Federation internal utilities Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the `Object.prototype` in the gateway by crafting operations with field aliases or variable names that target prototype-inheritable properties, or by compromising a subgraph and sending malicious JSON response payloads. This can result in unexpected application behavior, privilege escalation, or data integrity issues. How to fix Prototype Pollution? Upgrade `@apollo/federation-internals` to version 2.9.6, 2.10.5, 2.11.6, 2.12.3, 2.13.2 or higher.	<2.9.6>=2.10.0-alpha.0 <2.10.5>=2.11.0-preview.0 <2.11.6>=2.12.0-preview.0 <2.12.3>=2.13.0-preview.0 <2.13.2

Prototype Pollution

@apollo/federation-internals is an Apollo Federation internal utilities

Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting operations with field aliases or variable names that target prototype-inheritable properties, or by compromising a subgraph and sending malicious JSON response payloads. This can result in unexpected application behavior, privilege escalation, or data integrity issues.

How to fix Prototype Pollution?

Upgrade @apollo/federation-internals to version 2.9.6, 2.10.5, 2.11.6, 2.12.3, 2.13.2 or higher.

<2.9.6>=2.10.0-alpha.0 <2.10.5>=2.11.0-preview.0 <2.11.6>=2.12.0-preview.0 <2.12.3>=2.13.0-preview.0 <2.13.2

Go back to all versions of this package