DoS Vulnerability in Apollo Compiler Affects GraphQL Applications
CVE-2025-31496
7.5 HIGH
What is CVE-2025-31496?
The Apollo Compiler (apollo-rs) is a query-based compiler for GraphQL. Before version 1.27.0, a query containing deeply nested and reused named fragments could consume excessive resources during validation. The cause is that a named fragment is processed again at every place it is spread, so in complex queries the same fragments are validated many times over and the work grows exponentially. Applications running an affected version may therefore suffer severe performance degradation or a complete denial of service. The problem is fixed in version 1.27.0.
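The fix is to upgrade to 1.27.0. As an added illustration of the mechanism, and of the kind of pre-validation guard a server can put in front of any GraphQL parser, the Rust below counts how many fragment spreads a validator would visit if it expanded every named fragment at every place it is spread, and rejects documents whose worst case exceeds a configured limit. This is example code written for this page, not apollo-rs's own parser or validator: the tiny scanner, the `check_fragment_expansion` function, the limit value and the two sample documents are all assumptions constructed here.

```rust
use std::collections::{HashMap, HashSet};

/// Fragment dependency graph built from a document: fragment name -> the named
/// fragments it spreads, one entry per spread occurrence so that reuse counts.
pub type FragmentGraph = HashMap<String, Vec<String>>;

/// Toy scanner (an assumption for this example, not apollo-rs's parser): collects
/// `fragment Name on Type { ... }` definitions and the `...Name` spreads inside
/// them. Inline fragments (`... on Type`) and field arguments are ignored.
pub fn fragment_graph(doc: &str) -> FragmentGraph {
    let spaced = doc.replace('{', " { ").replace('}', " } ");
    let tokens: Vec<&str> = spaced.split_whitespace().collect();
    let mut graph = FragmentGraph::new();
    let mut i = 0;
    while i < tokens.len() {
        if tokens[i] != "fragment" || i + 1 >= tokens.len() {
            i += 1;
            continue;
        }
        let name = tokens[i + 1].to_string();
        // Skip "on Type" (and any directives) up to the selection set.
        let mut j = i + 2;
        while j < tokens.len() && tokens[j] != "{" {
            j += 1;
        }
        let mut depth = 0usize;
        let mut spreads = Vec::new();
        while j < tokens.len() {
            match tokens[j] {
                "{" => depth += 1,
                "}" => {
                    depth -= 1;
                    if depth == 0 {
                        break;
                    }
                }
                // "...Name" is a named fragment spread; "...on" is an inline fragment.
                t if t.len() > 3 && t.starts_with("...") && &t[3..] != "on" => {
                    spreads.push(t[3..].to_string());
                }
                _ => {}
            }
            j += 1;
        }
        graph.insert(name, spreads);
        i = j + 1;
    }
    graph
}

/// Number of fragment spreads a validator visits when fully expanding `name`:
/// each spread counts once plus everything it expands to, so a fragment that is
/// spread twice is counted twice. Memoised per fragment; a cycle (which GraphQL
/// forbids anyway) or a spread of an undefined fragment is reported as an error.
fn expansion_count(
    graph: &FragmentGraph,
    name: &str,
    memo: &mut HashMap<String, u64>,
    visiting: &mut HashSet<String>,
) -> Result<u64, String> {
    if let Some(&c) = memo.get(name) {
        return Ok(c);
    }
    if !visiting.insert(name.to_string()) {
        return Err(format!("fragment cycle through {}", name));
    }
    let spreads = graph
        .get(name)
        .ok_or_else(|| format!("undefined fragment {}", name))?;
    let mut total: u64 = 0;
    for s in spreads {
        let sub = expansion_count(graph, s, memo, visiting)?;
        // Saturate rather than overflow: the count is exponential by design.
        total = total.saturating_add(1).saturating_add(sub);
    }
    visiting.remove(name);
    memo.insert(name.to_string(), total);
    Ok(total)
}

/// Pre-validation guard: reject a document whose worst-case fragment expansion
/// exceeds `limit`. Returns the worst count over all fragments on success.
pub fn check_fragment_expansion(doc: &str, limit: u64) -> Result<u64, String> {
    let graph = fragment_graph(doc);
    let mut memo = HashMap::new();
    let mut worst = 0u64;
    for name in graph.keys() {
        let mut visiting = HashSet::new();
        let c = expansion_count(&graph, name, &mut memo, &mut visiting)?;
        worst = worst.max(c);
    }
    if worst > limit {
        return Err(format!("fragment expansion {} exceeds limit {}", worst, limit));
    }
    Ok(worst)
}

/// Constructed sample: each fragment spreads the next one twice, so the
/// expansion count doubles per level (0, 2, 6, 14 for F3..F0).
pub const DOUBLING_DOC: &str = "
    query { ...F0 }
    fragment F0 on Query { ...F1 ...F1 }
    fragment F1 on Query { ...F2 ...F2 }
    fragment F2 on Query { ...F3 ...F3 }
    fragment F3 on Query { id }
";

/// Constructed sample of ordinary fragment use, which the guard must accept.
pub const PLAIN_DOC: &str = "
    query { ...User }
    fragment User on Query { id name ...Address }
    fragment Address on Query { street city }
";

fn main() {
    for (label, doc) in [("doubling", DOUBLING_DOC), ("plain", PLAIN_DOC)] {
        match check_fragment_expansion(doc, 10) {
            Ok(n) => println!("{}: accepted (worst expansion {})", label, n),
            Err(e) => println!("{}: rejected: {}", label, e),
        }
    }
}
```

With a limit of 10 the plain document passes with a count of 1 while the four-level doubling document is rejected at 14; every extra level of nested reuse roughly doubles the count, which is why a validator that re-walks fragments at each spread is exposed. The limit is a tuning knob for the deployment (a few hundred is generous for hand-written queries), and the check is cheap because memoisation makes it linear in the number of spreads.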
Affected Version(s)
apollo-rs < 1.27.0
