Information exposure through externally-generated error message in type-graphql - #VU23935


Published: January 5, 2020


Vulnerability identifier: #VU23935
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID:
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: michallytek
Affected software:
type-graphql

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the software reveals the resolver's source code in an error message. This error can be forced when no subscription topics are provided in the request. A remote attacker can gain unauthorized access to sensitive information.
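As an added illustration (not type-graphql's own code), the error-message pattern the advisory describes beside its fix, in hypothetical JavaScript: a subscription registry that rejects an empty `topics` list, where the vulnerable variant embeds the resolver's source in the error text and the hardened variant names the subscription only; `toClientError` and `leaksSource` are assumed helpers for masking errors at the API boundary and for spotting leaked function source in logs.

```javascript
// Constructed resolver with a secret-looking literal in its body, so the
// leak is visible when the function is coerced to a string.
const exampleResolver = (payload) => {
  const apiKey = 'CONSTRUCTED-SECRET-DO-NOT-SHIP';
  return { ...payload, apiKey };
};

function registerSubscriptionUnsafe(name, topics, resolver) {
  if (!Array.isArray(topics) || topics.length === 0) {
    // Vulnerable pattern: interpolating a function calls
    // Function.prototype.toString(), which returns its full source text.
    throw new Error(`Subscription "${name}" has no topics; resolver: ${resolver}`);
  }
  return { name, topics, resolver };
}

function registerSubscriptionSafe(name, topics, resolver) {
  if (!Array.isArray(topics) || topics.length === 0) {
    // Hardened: identify the subscription by name only, never by the
    // resolver body.
    throw new Error(`Subscription "${name}" must declare at least one topic`);
  }
  return { name, topics, resolver };
}

// Defence in depth: the client receives a fixed message plus a correlation
// id; the original error (and its stack) stays in server-side logs.
function toClientError(err, correlationId) {
  return {
    message: 'Internal server error',
    extensions: { code: 'INTERNAL_SERVER_ERROR', correlationId },
  };
}

// Detection heuristic for logs and tests: does an error string look like it
// contains JavaScript function source?
function leaksSource(message) {
  return /\bfunction\b\s*\w*\s*\(|=>\s*\{|\bconst\s+\w+\s*=/.test(message);
}

// Runs a registry function with an empty topics list and returns the error
// text it produces (null if it unexpectedly succeeds).
function errorMessage(register) {
  try {
    register('newMessages', [], exampleResolver);
    return null;
  } catch (e) {
    return e.message;
  }
}
```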


Remediation

Update to version 0.17.6.

Sources