@apollo/server@4.7.2 vulnerabilities
Core engine for Apollo GraphQL server
-
latest version
4.11.2
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
23 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @apollo/server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@apollo/server is a spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. Successor to apollo-server-core, et al. Affected versions of this package are vulnerable to Information Exposure when it can log sensitive information, such as Studio API keys, if they are passed incorrectly with leading/trailing whitespace or if they have any characters that are invalid as part of a header value. Note Users are affected only if all the conditions are true:
How to fix Information Exposure? Upgrade |
<4.9.3
|
@apollo/server is a spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. Successor to apollo-server-core, et al. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper application of Content Security Policies (CSP), which fails to prevent XSS in the event that there is a viable attack vector for an XSS attack. How to fix Cross-site Scripting (XSS)? Upgrade |
>=4.0.0 <4.7.4
|