GraphQL - Moderately critical - Information Disclosure - SA-CONTRIB-2021-013

Project: GraphQL
Date: 2021-June-02
Security risk: Moderately critical 11∕25 
Vulnerability: Information Disclosure

Description

This module lets you craft and expose a GraphQL web service API.

The module does not sufficiently protect arbitrary exception and error messages, thereby exposing an information disclosure vulnerability.

This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data producer must be configured that throws exceptions with confidential error messages that must not be exposed over the GraphQL API.
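
The class of problem described above, shown as an added example that is not the module's code or its fix: an error formatter that passes an exception's message to the API client only when the exception has been explicitly marked safe, and otherwise returns a generic message while logging the detail server-side. The `ClientSafeException` interface, `UserInputError` class, `formatGraphqlError()` function and the sample exceptions are hypothetical names and constructed data.

```php
<?php
declare(strict_types=1);

// Hypothetical marker: only exceptions implementing this may reach API clients.
interface ClientSafeException {}

final class UserInputError extends InvalidArgumentException implements ClientSafeException {}

/**
 * Build one entry of a GraphQL response's "errors" array from a caught
 * exception. Messages pass through only when the exception opted in;
 * everything else is replaced and logged server-side under a correlation id.
 */
function formatGraphqlError(Throwable $e, callable $log): array
{
    if ($e instanceof ClientSafeException) {
        return ['message' => $e->getMessage()];
    }
    $id = bin2hex(random_bytes(8));
    $log(sprintf('[%s] %s: %s', $id, get_class($e), $e->getMessage()));
    return [
        'message' => 'Internal server error',
        'extensions' => ['errorId' => $id],
    ];
}

// Constructed sample: two exceptions a data producer might throw.
$thrown = [
    new UserInputError('Argument "id" must be a positive integer.'),
    new RuntimeException('Backend auth failed for api_user with token EXAMPLE-TOKEN'),
];

$serverLog = [];
$logger = function (string $line) use (&$serverLog): void {
    $serverLog[] = $line;
};

$errors = [];
foreach ($thrown as $e) {
    $errors[] = formatGraphqlError($e, $logger);
}
echo json_encode(['errors' => $errors], JSON_PRETTY_PRINT), PHP_EOL;

// The confidential detail must exist in the server log only.
if (strpos(json_encode($errors), 'EXAMPLE-TOKEN') !== false
    || strpos($serverLog[0], 'EXAMPLE-TOKEN') === false) {
    throw new LogicException('confidential message was not masked');
}
```

The correlation id in `extensions` lets an operator match a client report to the full server-side log entry without the message itself leaving the server.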

Solution

Install the latest version:

Nick Onom