Homepage
About Snyk

Information Exposure Affecting type-graphql package, versions <0.17.6

Severity

 Recommended
0.0
low
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    Exploit Maturity
    Proof of concept

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-TYPEGRAPHQL-538910
  • published 23 Dec 2019
  • disclosed 23 Dec 2019
  • credit Bernard McManus
Report a new vulnerability Found a mistake?

Introduced: 23 Dec 2019

CVE NOT AVAILABLE CWE-540 Open this link in a new tab

How to fix?

Upgrade type-graphql to version 0.17.6 or higher.

Overview

type-graphql is a package to create GraphQL schema and resolvers with TypeScript, using classes and decorators!

Affected versions of this package are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
3.7 low
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    None
  • Availability (A)
    None