Information Exposure in type-graphql
        
  Low severity
        
          GitHub Reviewed
      
        Published
          Sep 4, 2020 
          to the GitHub Advisory Database
          •
          Updated Jan 9, 2023 
      
  
Description
        Reviewed
      Aug 31, 2020 
    
  
        Published to the GitHub Advisory Database
      Sep 4, 2020 
    
  
        Last updated
      Jan 9, 2023 
    
  
Versions of
type-graphqlprior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request.Recommendation
Upgrade to version 0.17.6 or later.
References