Homepage

graphql-code-generator@0.19.0-alpha.f30ac657 vulnerabilities

  • latest version

    0.18.2

  • first published

    8 years ago

  • latest version published

    6 years ago

  • deprecated

    Package is deprecated

  • licenses detected

  • View graphql-code-generator package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the graphql-code-generator package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Insecure Default Configuration

    graphql-code-generator is a tool that generates code out of your GraphQL schema.

    Affected versions of this package are vulnerable to Insecure Default Configuration. The NODE_TLS_REJECT_UNAUTHORIZED environment variable is set to the value 0 in all versions of the package disabling certificate verification. This flaw can be exploited by a Man-in-the-middle (MiTM) attacker, resulting in an attacker able to view a victim's HTTPS traffic.

    It should be noted that during the release of graphql-code-generator version 1.1.0, the CLI component was amended to be a separate package "@graphql-codegen/cli".

    How to fix Insecure Default Configuration?

    Upgrade graphql-code-generator to version 1.1.0 or higher.

    <1.1.0
    Go back to all versions of this package