External Influence of Sphere Definition Affecting @apollo/query-planner package, versions >=2.0.0 <2.8.5
Threat Intelligence
EPSS
0.06% (27th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-APOLLOQUERYPLANNER-7840415
- published 28 Aug 2024
- disclosed 27 Aug 2024
- credit Unknown
Introduced: 27 Aug 2024
CVE-2024-43414 Open this link in a new tabHow to fix?
Upgrade @apollo/query-planner
to version 2.8.5 or higher.
Overview
@apollo/query-planner is an Apollo Query Planner
Affected versions of this package are vulnerable to External Influence of Sphere Definition through the query planning process. An attacker can cause unbounded memory consumption and potential service disruption by submitting complex queries designed to exploit this flaw.
Workaround
Ensure that no fields are resolvable from multiple subgraphs.