An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3ODctNGo3Mi1nY3Y3
Insecure Default Configuration in graphql-code-generator
graphql-code-generator prior to 0.18.2 have an Insecure Default Configuration. The packages sets
NODE_TLS_REJECT_UNAUTHORIZED to 0, disabling certificate verification for the entire project. This results in Insecure Communication for the process.
Upgrade to version 0.18.2 or later.Permalink: https://github.com/advisories/GHSA-9w87-4j72-gcv7
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
Fixed in: 0.18.2