Xuorig

#28331 of 53,632
Total CVSS: 9
Vulnerabilities · 1
PT-2024-25018
9
2024-05-02
Apollo · Apollo Router · CVE-2024-32971
**Name of the Vulnerable Software and Affected Versions**

Apollo Router versions 1.44.0 through 1.45.0

**Description**

The issue stems from a bug in Apollo Router's cache retrieval logic. When distributed query planning caching is enabled, asking the Router to execute an operation may result in an unexpected variation of that operation being executed, or in the generation of unexpected errors. This can lead to unintended data or effects, such as fetching incorrect results for a query or sending incorrect mutations to underlying subgraph servers. For example, rather than running `fetchUsers(type: ENTERPRISE)`, the Router may run `fetchUsers(type: TRIAL)`. For a mutation, this may result in incorrect mutations being sent to underlying subgraph servers, such as sending `deleteUser(id: 12)` instead of `deleteUser(id: 10)`.

**Recommendations**

To resolve the issue, upgrade to version 1.45.1 or above of the Apollo Router. As an alternative, downgrade to version 1.43.2 of the Apollo Router. If unable to upgrade or downgrade, disable distributed query plan caching by removing the `supergraph.query_planning.cache.redis.urls` configuration to mitigate the issue.