Description

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in some cases during query validation, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service in applications. This vulnerability is fixed in 1.27.0.

INFO

Published Date :

2025-04-07T20:34:46.624Z

Last Modified :

2025-04-08T16:00:33.160Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-31496 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-31496.

URL Resource
https://github.com/apollographql/apollo-rs/pull/952 cve-icon cve-icon
https://github.com/apollographql/apollo-rs/security/advisories/GHSA-7mpv-9xg6-5r79 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact