PT-2020-21588 — Generation of Error Message Containing Sensitive Information in Microsoft Type-Graphql

PT-2020-21588 · Microsoft · Type-Graphql

Published

2020-09-04

Updated

2020-09-04

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions type-graphql versions prior to 0.17.6

Description The issue concerns information exposure where the package leaks the resolver source code in an error message. This error can be forced when no subscription topics are provided in the request.

Recommendations Upgrade to version 0.17.6 or later.

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

GHSA-XF64-2F9P-6PQQ

Affected Products

Type-Graphql

PT-2020-21588 · Microsoft · Type-Graphql

Weakness Enumeration

Related Identifiers

Affected Products

References · 3