GHSA-xf64-2f9p-6pqq

Опубликовано: 04 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Information Exposure in type-graphql

Versions of type-graphql prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request.

Recommendation

Upgrade to version 0.17.6 or later.

Ссылки

https://github.com/MichalLytek/type-graphql/issues/489
https://www.npmjs.com/advisories/1444

Пакеты

Наименование

type-graphql

npm

Затронутые версииВерсия исправления

< 0.17.6

0.17.6

Дефекты

CWE-209

Дефекты

CWE-209