CVE-2023-41317

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published: Sep 5, 2023
Updated: Sep 8, 2023
CWE ID: 755

Summary

CVE-2023-41317 is a Denial-of-Service (DoS) vulnerability in the Apollo Router, a high-performance graph router written in Rust. It causes the Router to panic and terminate when GraphQL Subscriptions are enabled. Exploitation requires that the following conditions are met: the Router is running an impacted version (v1.28.0, v1.28.1, or v1.29.0), the Supergraph schema has a `subscription` type defined, and subscriptions are enabled in the YAML configuration. The vulnerability has a base severity of MEDIUM and an exploitability score of 2.2 out of 10. It affects multiple products and poses a potential danger to organizations, because it allows attackers to disrupt the functioning of the router and potentially impact availability.
