Severity: low

Information Exposure

type-graphql

Overview

Versions of type-graphql prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request.

Remediation

Upgrade to version 0.17.6 or later.
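
To confirm that no copy of the package older than 0.17.6 is still installed, including copies pulled in transitively, the check below walks a parsed npm package-lock.json. It is an added example, not code from the advisory or from type-graphql; the helper names (isAffected, findAffected) and the SAMPLE_LOCK data are constructed for illustration.

```javascript
// Added example: flag type-graphql installs older than the fixed release.
const PACKAGE = "type-graphql";
const FIXED = [0, 17, 6]; // first fixed version, per the advisory

// True when `version` sorts before 0.17.6. Prereleases of 0.17.6 and
// unparseable values (git URLs, links) are flagged for manual review.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(version);
  if (!m) return true;
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return Boolean(m[4]); // e.g. 0.17.6-beta.1 precedes 0.17.6
}

// Collect every installed copy from a parsed package-lock.json.
// lockfileVersion 2/3 uses a flat "packages" map; version 1 nests "dependencies".
function findAffected(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PACKAGE) && isAffected(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PACKAGE && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: one patched top-level copy, one old nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-api", version: "1.0.0" },
    "node_modules/type-graphql": { version: "0.17.6" },
    "node_modules/legacy-gateway/node_modules/type-graphql": { version: "0.17.5" },
  },
};

console.log(findAffected(SAMPLE_LOCK));
```

Against a real project, pass the result of JSON.parse on the contents of package-lock.json instead of SAMPLE_LOCK.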

Advisory timeline

  1. published: Advisory Published, Dec 23rd, 2019
  2. reported: Reported by Bernard McManus, Dec 23rd, 2019