GMS-2020-539: Information Exposure in type-graphql

September 4, 2020 (updated October 4, 2021)

Versions of type-graphql are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request. Upgrade to or later.

References

github.com/MichalLytek/type-graphql/issues/489
github.com/advisories/GHSA-xf64-2f9p-6pqq
www.npmjs.com/advisories/1444

Code Behaviors & Features

Detect and mitigate GMS-2020-539 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →