@graphql-mesh/runtime@0.96.7 vulnerabilities

  • latest version

    0.105.10

  • latest non vulnerable version

  • first published

    4 years ago

  • latest version published

    3 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @graphql-mesh/runtime package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Uncontrolled Resource Consumption ('Resource Exhaustion')

    Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when the cache variables function is used in conjunction with operations and transforms at the root level. An attacker can manipulate the system to use initial variables in all subsequent requests, even if the variables change, by sending the same query with different variables. This can result in a short-term memory leak, as the system will continue to use the initial variables until the cache evicts the DocumentNode through the LRU mechanism.

    How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')?

    Upgrade @graphql-mesh/runtime to version 0.96.9 or higher.

    >=0.96.5 <0.96.9