GraphQL - Moderately critical - Information Disclosure - SA-CONTRIB-2021-013

Project: GraphQLDate: 2021-June-02Security risk: Moderately critical 11∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Information DisclosureDescription: This module lets you craft and expose a GraphQL web service API.
The module does not sufficiently protect arbitrary exception and error messages thereby exposing an information disclosure vulnerability.
This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data producer be configured that throws exceptions with confidential error messages that must not be exposed over the GraphQL API.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article