@graphql-mesh/http@0.2.20 vulnerabilities

latest version

0.104.2
latest non vulnerable version

1.0.0
first published

2 years ago
latest version published

5 days ago
licenses detected
- MIT
  >=0
View @graphql-mesh/http package health on Snyk Advisor Open this link in a new tab

Direct Vulnerabilities

Known vulnerabilities in the @graphql-mesh/http package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Directory Traversal Affected versions of this package are vulnerable to Directory Traversal such that when `staticFiles` is set in the serve settings in the configuration file, the handler does not check if `absolutePath` is still under the directory provided as `staticFiles`. How to fix Directory Traversal? Upgrade `@graphql-mesh/http` to version 0.3.19 or higher.	<0.3.19