3.13.0
7 years ago
1 years ago
Package is deprecated
Known vulnerabilities in the apollo-server-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
apollo-server-core is a core module of the Apollo community GraphQL Server. Affected versions of this package are vulnerable to Information Exposure when it can log sensitive information, such as Studio API keys, if they are passed incorrectly with leading/trailing whitespace or if they have any characters that are invalid as part of a header value. Note Users are affected only if all the conditions are true:
How to fix Information Exposure? Upgrade | <2.26.1>=3.0.0 <3.12.1 |
apollo-server-core is a core module of the Apollo community GraphQL Server. Affected versions of this package are vulnerable to Cache Poisoning when processing batch POST requests. The Plugins assemble separate response headers in parallel for each operation in a batch, and then the header sets are merged together. If plugins set the same header on multiple operations, one value is chosen arbitrarily, and its cache policy is applied. This allows the responses from operations whose policy does not allow caching to be cached. How to fix Cache Poisoning? Upgrade | >=3.0.0 <3.11.0 |
apollo-server-core is a core module of the Apollo community GraphQL Server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the NOTE: Several conditions must be met for this vulnerability to be exploited.
How to fix Cross-site Scripting (XSS)? Upgrade | >=3.0.0 <3.10.1 |