CVE-2023-45812

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Oct 18, 2023
Updated: Oct 30, 2023
CWE ID 754

Summary

CVE-2023-45812 is a Denial-of-Service (DoS) vulnerability in the Apollo Router, a configurable graph router written in Rust. When a multipart response is sent to the Router, the Router panics and terminates. The issue affects only deployments that have a coprocessor with coprocessor.supergraph.response configured in router.yaml and that also support either @defer or Subscriptions. Apollo Router version 1.33.0 includes the fix, introduced in PR #4014, and users are advised to upgrade to that version. Where upgrading is not feasible, users should either stop using the coprocessor supergraph response, or disable @defer and subscription support while continuing to use the coprocessor supergraph response. The vulnerability has a high severity rating with an exploitability score of 3.9 out of 10; it can be triggered over the network and its impact is on the availability of affected systems.
