PT-2019-20019 · Apollo · Apollo Gateway

Published: 2019-06-13 · Updated: 2019-06-13

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: @apollo/gateway versions prior to 0.6.2

Description: The issue allows attackers to alter the Object prototype through queries with GraphQL aliases, potentially leading to Denial of Service or Remote Code Execution when chained with other vulnerabilities. This is due to the use of deepMerge() to merge objects, which can be exploited with carefully constructed payloads to override properties of all objects in the application.

Recommendations: Upgrade to version 0.6.2 or later.
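The description above attributes the issue to a deepMerge() that lets attacker-chosen keys (such as alias names in a query) reach Object.prototype. The following is an added illustration, not Apollo Gateway's code: a naive recursive merge of the kind described, beside a hardened version that walks only own properties and refuses the prototype-reaching key names, plus a hypothetical pollutesFreshObjects() helper that checks whether a merge contaminated unrelated objects.

```javascript
// Added example (hypothetical code, not from @apollo/gateway).
// Keys that, when merged into a plain object, reach Object.prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Naive recursive merge: copies every enumerable key of `source` into
// `target`. Looking up target["__proto__"] yields Object.prototype, so a
// nested object under that key is written into the shared prototype.
function unsafeDeepMerge(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeDeepMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: iterate own keys only, drop the forbidden names, and
// only recurse into a property that `target` owns itself (never one
// inherited from the prototype chain).
function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop rather than merge
    const value = source[key];
    if (isPlainObject(value)) {
      const ownsPlainObject =
        Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      if (!ownsPlainObject) target[key] = {};
      safeDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Detection helper: merges `payload` into an empty object with `merge`,
// then asks whether a brand-new object now sees a "polluted" property.
// Cleans Object.prototype afterwards so repeated checks stay honest.
function pollutesFreshObjects(merge, payload) {
  merge({}, payload);
  const probe = {};
  const polluted = 'polluted' in probe;
  delete Object.prototype.polluted;
  return polluted;
}
```

The payload in the check below is built with JSON.parse, because an object literal with a `__proto__:` key sets the prototype instead of creating an own key; JSON from the network does create the own key, which is the case a merge must handle.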

Fix

Prototype Pollution

Resource Exhaustion


Weakness Enumeration

Related identifiers

GHSA-74CR-77XC-8G6R

Affected products

Apollo Gateway