We found results for “”
WS-2019-0352
Good to know:
Date: December 21, 2019
Information Exposure found in type-graphql before 0.17.6. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request.
Language: JS
Severity Score
Severity Score
Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |