graphql-shield@5.7.3 vulnerabilities

GraphQL Server permissions as another layer of abstraction!

Direct Vulnerabilities

Known vulnerabilities in the graphql-shield package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Authorization Bypass
Severity: M (medium)

graphql-shield is a package that adds a permission layer for GraphQL applications.

Affected versions of this package are vulnerable to Authorization Bypass. The rule caching option no_cache relies on keys generated by cryptographically insecure functions, which may cause rules to be incorrectly cached. This allows attackers to access information they should not have access to in case of a key collision.

How to fix Authorization Bypass?

Upgrade graphql-shield to version 6.0.6 or higher.