Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Insecure Default Configuration in graphql-code-generator
Versions of graphql-code-generator prior to 0.18.2 have an Insecure Default Configuration. The package sets NODE_TLS_REJECT_UNAUTHORIZED to 0, disabling certificate verification for the entire project. This results in Insecure Communication for the process.
Recommendation
Upgrade to version 0.18.2 or later.
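An added example, not code from the advisory or from graphql-code-generator: a Node.js check for the condition described above, both statically (source lines that assign NODE_TLS_REJECT_UNAUTHORIZED) and at runtime (whether loading a dependency flipped it for the process). The function names and the sample source are constructed for illustration.

```javascript
// Added example; function names and SAMPLE are constructed for illustration.
const NAME = 'NODE_TLS_REJECT_UNAUTHORIZED';

// Matches writes such as process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
// and process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0, but not comparisons.
const ASSIGN_RE = new RegExp(
  `process\\.env(?:\\.${NAME}|\\[\\s*['"]${NAME}['"]\\s*\\])\\s*=(?!=)\\s*(['"]?)([^'";\\s]+)\\1`
);

// Static check: list the source lines that assign the variable.
// Line-based heuristic: only trailing // comments are ignored.
function findTlsOptOut(source) {
  const hits = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const m = ASSIGN_RE.exec(text.replace(/\/\/.*$/, ''));
    if (m) hits.push({ line: i + 1, value: m[2], disablesVerification: m[2] === '0' });
  });
  return hits;
}

// Runtime check: Node skips certificate verification by default only when
// the variable is exactly the string '0' (process.env coerces 0 to '0').
function tlsVerificationDisabled(env = process.env) {
  return env[NAME] === '0';
}

// Run a loader, e.g. () => require('some-dependency'), and report whether it
// switched verification off for the whole process as a side effect.
function changedByLoad(load, env = process.env) {
  const before = tlsVerificationDisabled(env);
  load();
  return !before && tlsVerificationDisabled(env);
}

// Constructed sample, not the package's actual source.
const SAMPLE = [
  '// constructed sample for the scanner',
  "const request = require('request');",
  "process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';",
  "if (process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0') warn();",
  "process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 1;",
].join('\n');

console.log(findTlsOptOut(SAMPLE));
console.log('verification disabled in this process:', tlsVerificationDisabled());
```

Calling changedByLoad once per dependency at startup, in a test process, shows which module changes the setting.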
Permalink: https://github.com/advisories/GHSA-9w87-4j72-gcv7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3ODctNGo3Mi1nY3Y3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 3 years ago
Updated: 9 months ago
Identifiers: GHSA-9w87-4j72-gcv7
References:
- https://github.com/dotansimha/graphql-code-generator/issues/1806
- https://www.npmjs.com/advisories/834
- https://github.com/advisories/GHSA-9w87-4j72-gcv7
Affected Packages
npm:graphql-code-generator
Versions: < 0.18.2
Fixed in: 0.18.2