GHSA-xf64-2f9p-6pqq – type-graphql
Package
Manager: npm
Name: type-graphql
Vulnerable Version: >=0 <0.17.6
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Information Exposure in type-graphql

Versions of `type-graphql` prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request.

## Recommendation

Upgrade to version 0.17.6 or later.
Metadata
Created: 2020-09-04T17:24:08Z
Modified: 2020-08-31T18:59:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-xf64-2f9p-6pqq/GHSA-xf64-2f9p-6pqq.json
CWE IDs: ["CWE-209"]
Alternative ID: N/A
Finding: F037
Auto approve: 1