PT-2023-29702 · Unknown · Apollo Router

Bryncooke

+1

·

Published

2023-10-18

·

Updated

2023-10-30

·

CVE-2023-45812

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Apollo Router versions prior to 1.33.0
Description

The Apollo Router is subject to a Denial-of-Service (DoS) issue that causes it to panic and terminate when a multi-part response is sent. This occurs when clients send queries that use @defer or Subscriptions to a router that is configured with a coprocessor having coprocessor.supergraph.response set in its router.yaml, while support for @defer or Subscriptions is enabled.
Recommendations

For versions prior to 1.33.0, upgrade to version 1.33.0 to resolve the issue. As a temporary workaround for users unable to upgrade, either avoid using the coprocessor supergraph response stage, or disable defer and subscription support by setting supergraph.defer_support to false and subscription.enabled to false in the router.yaml configuration.
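The following is an added example, not part of this advisory or of the Apollo Router project: a small checker that evaluates a router version and a router.yaml-style configuration (given as a nested dict) against the preconditions stated above, so an operator can confirm whether a deployment is exposed and whether the workaround settings take effect. It assumes the router defaults of defer_support=true and subscription.enabled=false, and the sample configurations are constructed.

```python
# Added example (not from the advisory): check a router.yaml-style config and
# router version against the conditions described for CVE-2023-45812.
# Assumptions: the config is a nested dict mirroring router.yaml; Apollo Router
# defaults are taken as defer_support=true and subscription.enabled=false
# (verify against the docs for your router version).
from typing import Any, Dict, Tuple

FIXED_VERSION = (1, 33, 0)  # first release with the fix


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.32.1' or 'v1.32.1-rc.0' into a comparable tuple (pre-release tag dropped)."""
    core = version.lstrip("v").split("-")[0]
    return tuple(int(part) for part in core.split("."))


def _get(cfg: Dict[str, Any], *path: str, default: Any = None) -> Any:
    """Walk a nested dict by key path, returning `default` if any key is missing."""
    node: Any = cfg
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def assess(version: str, cfg: Dict[str, Any]) -> Dict[str, bool]:
    """Report which preconditions hold; 'exposed' is true only when all are met."""
    vulnerable_version = parse_version(version) < FIXED_VERSION
    coprocessor_response = _get(cfg, "coprocessor", "supergraph", "response") is not None
    defer_enabled = bool(_get(cfg, "supergraph", "defer_support", default=True))
    subs_enabled = bool(_get(cfg, "subscription", "enabled", default=False))
    return {
        "vulnerable_version": vulnerable_version,
        "coprocessor_supergraph_response": coprocessor_response,
        "defer_enabled": defer_enabled,
        "subscriptions_enabled": subs_enabled,
        "exposed": vulnerable_version and coprocessor_response and (defer_enabled or subs_enabled),
    }


# Constructed sample configurations (not taken from a real deployment).
EXPOSED_CFG = {
    "coprocessor": {"url": "http://127.0.0.1:8081", "supergraph": {"response": {"body": True}}},
    "supergraph": {"defer_support": True},
    "subscription": {"enabled": True},
}
WORKAROUND_CFG = {
    "coprocessor": {"url": "http://127.0.0.1:8081", "supergraph": {"response": {"body": True}}},
    "supergraph": {"defer_support": False},
    "subscription": {"enabled": False},
}

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CFG), ("workaround", WORKAROUND_CFG)):
        print(name, assess("1.32.0", cfg))
```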

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

CVE-2023-45812
GHSA-R344-XW3P-2FRJ

Affected Products

Apollo Router