Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Information Exposure in type-graphql

Versions of type-graphql prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request.

Recommendation

Upgrade to version 0.17.6 or later.

Permalink: https://github.com/advisories/GHSA-xf64-2f9p-6pqq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmNjQtMmY5cC02cHFx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 3 years ago
Updated: over 1 year ago


Identifiers: GHSA-xf64-2f9p-6pqq
References: Repository: https://github.com/MichalLytek/type-graphql
Blast Radius: 0.0

Affected Packages

npm:type-graphql
Dependent packages: 447
Dependent repositories: 7,054
Downloads: 709,365 last month
Affected Version Ranges: < 0.17.6
Fixed in: 0.17.6
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.13.0, 0.13.1, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5
All unaffected versions: 0.17.6, 1.0.0, 1.1.0, 1.1.1