Information Exposure Affecting type-graphql package, versions <0.17.6


0.0
low

Snyk CVSS

    Exploit Maturity Proof of concept
    Attack Complexity High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-TYPEGRAPHQL-538910
  • published 23 Dec 2019
  • disclosed 23 Dec 2019
  • credit Bernard McManus

Introduced: 23 Dec 2019

CVE NOT AVAILABLE CWE-540 Open this link in a new tab

How to fix?

Upgrade type-graphql to version 0.17.6 or higher.

Overview

type-graphql is a package to create GraphQL schema and resolvers with TypeScript, using classes and decorators!

Affected versions of this package are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request.