Homepage

@envelop/graphql-modules@6.0.0 vulnerabilities

  • latest version

    9.1.0

  • latest non vulnerable version

    10.0.0-alpha-20260120160327-f0e44a27bc6ad05f4280abef2a479c95f03b9551

  • first published

    4 years ago

  • latest version published

    7 days ago

  • licenses detected

  • View graphql-modules package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @envelop/graphql-modules package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Race Condition

    @envelop/graphql-modules is a This plugins integrates graphql-modules execution lifecycle into the GraphQL execution flow.

    Affected versions of this package are vulnerable to Race Condition via the useGraphQLModules plugin. An attacker can cause request context data to be mixed between parallel requests by making multiple simultaneous requests that trigger the same service, leading to data leakage or unintended access to another user's context.

    An application is susceptible to this race condition if its requests are processed together with contexts injected via @ExecutionContext() from a singleton provider.

    How to fix Race Condition?

    Upgrade @envelop/graphql-modules to version 9.1.0 or higher.

    <9.1.0
    Go back to all versions of this package