An open API service providing security vulnerability metadata for many open source software ecosystems.

GHSA-xf64-2f9p-6pqq

Information Exposure in type-graphql

Affected package:        npm:type-graphql (PURL: pkg:npm/type-graphql)
Affected versions:       < 0.17.6
Fixed versions:          0.17.6
Dependent packages:      447
Dependent repositories:  7,054
Downloads last month:    799,221

Affected Version Ranges

All affected versions

0.0.0-unreleased, 0.1.0, 0.1.1, 0.1.2, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.13.0, 0.13.1, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.17.0-beta.1, 0.17.0-beta.2, 0.17.0-beta.3, 0.17.0-beta.4, 0.17.0-beta.5, 0.17.0-beta.6, 0.17.0-beta.7, 0.17.0-beta.8, 0.17.0-beta.9, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5

All unaffected versions

0.17.6, 1.0.0, 1.1.0, 1.1.1

Versions of type-graphql prior to 0.17.6 are vulnerable to Information Exposure. When a subscription request provides no subscription topics, the package throws an error whose message includes the source code of the resolver, and that message can be surfaced to the requester. Because the condition is controlled by the request, an attacker can trigger the error deliberately and read server-side resolver code from the response.
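The mechanism behind this kind of leak, as an added example that is not type-graphql's own code: in JavaScript, interpolating a function value into a string calls Function.prototype.toString and yields the function's full source text, so an error built as Error(`... ${resolver} ...`) carries the resolver body to whoever receives the message. The function names, the sample resolver and the response shape below are assumptions for the demonstration; the library's actual fix is not reproduced here.

```javascript
// Added illustrative example; not code from type-graphql. All names here are
// assumptions for the demo (buildMissingTopicsError*, leaksSource, toClientResponse).

// Constructed stand-in for a subscription resolver method whose body must stay server-side.
function newNotificationResolver(payload, args) {
  // Pretend this references internal identifiers that should never reach a client.
  const internalChannel = "internal-notify-channel";
  return { id: payload.id, channel: internalChannel, args };
}

// Vulnerable pattern: the resolver function itself is interpolated into the message.
// `${resolver}` invokes Function.prototype.toString, which returns the full source text.
function buildMissingTopicsErrorVulnerable(resolver, topics) {
  if (!Array.isArray(topics) || topics.length === 0) {
    return new Error(`Subscription resolver ${resolver} has no topics provided`);
  }
  return null;
}

// Hardened pattern: only the function's name is included; the source never leaves the process.
function buildMissingTopicsErrorFixed(resolver, topics) {
  if (!Array.isArray(topics) || topics.length === 0) {
    return new Error(`Subscription resolver "${resolver.name}" has no topics provided`);
  }
  return null;
}

// Assumed shape of a GraphQL error response: the message field is what the client reads.
function toClientResponse(err) {
  return { data: null, errors: [{ message: err.message }] };
}

// Check helper: does the error message contain the resolver's source text?
function leaksSource(err, resolver) {
  return err !== null && err.message.includes(resolver.toString());
}

function demo() {
  const vulnerable = buildMissingTopicsErrorVulnerable(newNotificationResolver, []);
  const fixed = buildMissingTopicsErrorFixed(newNotificationResolver, []);
  return {
    vulnerableLeaks: leaksSource(vulnerable, newNotificationResolver),
    fixedLeaks: leaksSource(fixed, newNotificationResolver),
    fixedMessage: fixed.message,
    clientSeesInternals: JSON.stringify(toClientResponse(vulnerable)).includes("internal-notify-channel"),
  };
}
```

The same check generalises to any error path: grep error constructors for template literals or string concatenation that receive a function, class or module object rather than a name, since each of those stringifies to source text or to an object dump.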

Recommendation

Upgrade to version 0.17.6 or later.
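An offline lockfile check against the advisory's range, as an added example that is neither this service's nor the project's code. It parses a package-lock.json object in both the v1 nested "dependencies" shape and the v2/v3 flat "packages" shape, compares every type-graphql entry against the 0.17.6 cutoff with a small semver comparison, and flags anything below it; the lockfile content is constructed for the demo and the helper names are assumptions.

```javascript
// Added example; not part of the advisory or the type-graphql project.
// FIXED_VERSION is the fixed version stated in the advisory; everything else is assumed.

const FIXED_VERSION = "0.17.6";

// Parse "MAJOR.MINOR.PATCH" with optional "-prerelease" and "+build" suffixes.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: m[4] || null };
}

// Compare numeric parts first; on a tie a prerelease sorts before the plain release,
// so e.g. a hypothetical 0.17.6-rc.1 is still below 0.17.6 and therefore in range.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] < pb.core[i] ? -1 : 1;
  }
  if (pa.prerelease === pb.prerelease) return 0;
  if (pa.prerelease === null) return 1;
  if (pb.prerelease === null) return -1;
  return pa.prerelease < pb.prerelease ? -1 : 1; // simplified lexicographic prerelease ordering
}

// The advisory range is "< 0.17.6".
function isAffected(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Collect every installed copy of type-graphql, including nested duplicates.
function findTypeGraphql(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfile v2/v3: flat map keyed by path such as "node_modules/a/node_modules/type-graphql"
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/type-graphql") && meta.version) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  // lockfile v1: nested "dependencies" trees
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "type-graphql" && meta.version) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

function auditLock(lock) {
  return findTypeGraphql(lock).map(h => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed v1-style lockfile: one direct vulnerable copy, one nested copy already on the fix.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    "type-graphql": { version: "0.17.5" },
    "some-lib": { version: "1.0.0", dependencies: { "type-graphql": { version: "0.17.6" } } },
  },
};
```

Run it with auditLock(JSON.parse(fs.readFileSync("package-lock.json", "utf8"))) on a real project; npm audit reports the same advisory online, but a lockfile walk like this one runs without network access and also surfaces nested copies that a direct-dependency check would miss.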

References: