Home > Vulnerability Database > WS-2019-0352

Mend.io Vulnerability Database

WS-2019-0352

Good to know:

Date: December 21, 2019

Information Exposure found in type-graphql before 0.17.6. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request.

Language: JS

Severity Score

3.7

Related Resources (3)

Url: https://github.com/MichalLytek/type-graphql/issues/489

Url: https://github.com/MichalLytek/type-graphql/commit/26ee0cedee1e3260fe9a5188df2bfb142b51031b

Url: https://www.mend.io/vulnerability-database/WS-2019-0352

Severity Score

3.7

Weakness Type (CWE)

Code

CWE-17

Source Code

CWE-18

Top Fix

Upgrade Version

Upgrade to version type-graphql - 0.17.6

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2019-0352

Good to know:

Date: December 21, 2019

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?