PT-2023-36348 · Unknown · Graphql Mesh

Name of the Vulnerable Software and Affected Versions: GraphQL Mesh affected versions not specified Description: GraphQL Mesh is a framework and gateway for GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, and databases. When a user transforms on the root level or...

@accounter-toolkit/green-invoice-graphql (>=0.0.2 <=0.2.0-alpha-20230313141007-4bdbab6), @accounter-toolkit/hashavshevet-mesh (>=0.0.2 <=0.0.4-alpha-20230313141007-4bdbab6) +10 more potentially affected by CVE-2025-27098 via @graphql-mesh/cli (>=0.78.0 <=0.82.21)

@graphql-mesh/cli NPM version =0.78.0, =0.0.2, =0.0.2, =0.0.2, =0.2.0-alpha.24, =5.1.0-canary.3, =6.0.0-canary.20, =6.0.0-canary.20, =6.0.0-canary.20, =2.2.6, =0.1.147, =0.1.3, =0.1.9, =0.1.10 Source cves: CVE-2025-27098 Source advisory: OSV:GHSA-J2WH-WRV3-4X4G...

PT-2023-36349 · Unknown · @Graphql-Mesh/Http +1

Name of the Vulnerable Software and Affected Versions: @graphql-mesh/cli versions prior to 0.82.21 @graphql-mesh/http versions prior to 0.3.18 Description: A missing check vulnerability in the static file handler allows any client to access files in the server's file system. When staticFiles is s...

@graphql-mesh/cli (>=0.12.0 <=0.19.2), @graphql-mesh/container (>=0.0.4 <=0.0.6) potentially affected by CVE-2021-41248 +1 more via graphql-playground-react (=1.7.27)

graphql-playground-react NPM version =1.7.27 is affected by a known vulnerability. The following packages have a transitive dependency on graphql-playground-react and may be impacted: - @graphql-mesh/cli =0.12.0, =0.0.4, =0.0.6 Source cves: CVE-2021-41248, CVE-2021-41249 Source advisory:...