Vulnerability details: VCID-4337-rtsx-nqfx
Vulnerability ID VCID-4337-rtsx-nqfx
Aliases CVE-2024-43783
GHSA-x6xq-whh3-gg32
Summary
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
epss 0.00625 https://api.first.org/data/v1/epss?cve=CVE-2024-43783
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x6xq-whh3-gg32
cvssv3.1 7.5 https://github.com/apollographql/router
cvssv4 8.7 https://github.com/apollographql/router
generic_textual HIGH https://github.com/apollographql/router
cvssv3.1 7.5 https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14
cvssv4 8.7 https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14
generic_textual HIGH https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14
ssvc Track https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14
cvssv3.1 7.5 https://github.com/apollographql/router/releases/tag/v1.52.1
cvssv4 8.7 https://github.com/apollographql/router/releases/tag/v1.52.1
generic_textual HIGH https://github.com/apollographql/router/releases/tag/v1.52.1
ssvc Track https://github.com/apollographql/router/releases/tag/v1.52.1
cvssv3.1 7.5 https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32
cvssv3.1_qr HIGH https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32
cvssv4 8.7 https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32
generic_textual HIGH https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32
ssvc Track https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-43783
cvssv4 8.7 https://nvd.nist.gov/vuln/detail/CVE-2024-43783
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-43783
cvssv3.1 7.5 https://www.apollographql.com/docs/router/configuration/overview/#request-limits
cvssv4 8.7 https://www.apollographql.com/docs/router/configuration/overview/#request-limits
generic_textual HIGH https://www.apollographql.com/docs/router/configuration/overview/#request-limits
ssvc Track https://www.apollographql.com/docs/router/configuration/overview/#request-limits
cvssv3.1 7.5 https://www.apollographql.com/docs/router/customizations/coprocessor
cvssv4 8.7 https://www.apollographql.com/docs/router/customizations/coprocessor
generic_textual HIGH https://www.apollographql.com/docs/router/customizations/coprocessor
ssvc Track https://www.apollographql.com/docs/router/customizations/coprocessor
cvssv3.1 7.5 https://www.apollographql.com/docs/router/customizations/native
cvssv4 8.7 https://www.apollographql.com/docs/router/customizations/native
generic_textual HIGH https://www.apollographql.com/docs/router/customizations/native
ssvc Track https://www.apollographql.com/docs/router/customizations/native
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apollographql/router
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/apollographql/router
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:04:15Z/ Found at https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apollographql/router/releases/tag/v1.52.1
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/apollographql/router/releases/tag/v1.52.1
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:04:15Z/ Found at https://github.com/apollographql/router/releases/tag/v1.52.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:04:15Z/ Found at https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-43783
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-43783
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.apollographql.com/docs/router/configuration/overview/#request-limits
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://www.apollographql.com/docs/router/configuration/overview/#request-limits
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:04:15Z/ Found at https://www.apollographql.com/docs/router/configuration/overview/#request-limits
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.apollographql.com/docs/router/customizations/coprocessor
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://www.apollographql.com/docs/router/customizations/coprocessor
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:04:15Z/ Found at https://www.apollographql.com/docs/router/customizations/coprocessor
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.apollographql.com/docs/router/customizations/native
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Found at https://www.apollographql.com/docs/router/customizations/native
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:04:15Z/ Found at https://www.apollographql.com/docs/router/customizations/native
Exploit Prediction Scoring System (EPSS)
Percentile 0.7051
EPSS Score 0.00625
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T22:43:02.383659+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0