apollo-server-core@2.7.2 vulnerabilities
Core engine for Apollo GraphQL server
latest version
3.13.0
latest non vulnerable version
first published
7 years ago
latest version published
1 years ago
deprecated
Package is deprecated
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the apollo-server-core package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
apollo-server-core is a core module of the Apollo community GraphQL Server. Affected versions of this package are vulnerable to Information Exposure when it can log sensitive information, such as Studio API keys, if they are passed incorrectly with leading/trailing whitespace or if they have any characters that are invalid as part of a header value. Note Users are affected only if all the conditions are true:
How to fix Information Exposure? Upgrade | <2.26.1>=3.0.0 <3.12.1 |
apollo-server-core is a core module of the Apollo community GraphQL Server. Affected versions of this package are vulnerable to Denial of Service (DoS) by accepting an unbounded amount of memory in the cache. NOTE:
The size of a cache can be limited with the How to fix Denial of Service (DoS)? Upgrade | <3.9.0 |
apollo-server-core is a core module of the Apollo community GraphQL Server. Affected versions of this package are vulnerable to Information Exposure. It does not properly enforce validation rules when creating subscription servers, which includes a How to fix Information Exposure? Upgrade | <2.14.2 |