88 matches found
GHSA-W42G-7VFC-XF37 Introspection in schema validation in Apollo Server
We encourage all users of Apollo Server to read this advisory in its entirety to understand the impact. The Resolution section contains details on patched versions. Impact If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not...
8base-cli (>=0.0.80 <=0.0.90), @awoyotoyin/ts-graphql-yoga-express-starter (=1.0.0) +128 more potentially affected by unknown CVE via apollo-server-lambda (>=1.3.2 <=2.11.0)
apollo-server-lambda NPM version =1.3.2, =0.0.80, =0.1.0-latest.5b715197, =0.1.0, =0.1.1, =1.0.0, =0.0.1-beta, =1.0.0, =1.7.0, =0.0.1, =1.0.1-alpha.0, =1.0.0, =1.16.9 - @jokio/graphql-yoga =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...
@aerogear/voyager-metrics (>=0.7.2-dev.409.01ecc9f.0 <=0.7.2-dev.411.7aaa5a6.0), @aerogear/voyager-server (>=0.7.2-dev.409.01ecc9f.0 <=0.9.1-dev.430.0433c35.0) +41 more potentially affected by unknown CVE via apollo-server (>=0.1.5 <=2.14.1)
apollo-server NPM version =0.1.5, =0.7.2-dev.409.01ecc9f.0, =0.7.2-dev.409.01ecc9f.0, =2018.8.28-0, =1.0.0, =0.10.0, =0.0.9, =0.0.11, =2.0.0-rc.15, =0.0.0, =1.3.1, =4.0.0-alpha-0b0eefe.499, =4.0.1-beta.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...
@3wks/gae-node-nestjs (>=0.1.3 <=5.2.0-rc3), @abyssaljs/plugin-graphql (>=0.1.1 <=0.5.0) +409 more potentially affected by unknown CVE via apollo-server-express (>=1.0.5 <=2.14.1)
apollo-server-express NPM version =1.0.5, =0.1.3, =0.1.1, =0.7.2-dev.409.01ecc9f.0, =0.7.2-dev.409.01ecc9f.0, =2018.8.28-0, =0.0.1, =0.1.0-alpha.10a87555, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0-latest.5b715197, =2.1.0, =5.4.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-X...
@axelspringer/mango-api (>=0.0.1-alpha <=1.0.0-beta.75), @carlosbajo/graphql-gateway (>=1.2.0 <=2.3.6) +39 more potentially affected by unknown CVE via apollo-server-koa (>=1.3.6 <=2.0.4)
apollo-server-koa NPM version =1.3.6, =0.0.1-alpha, =1.2.0, =2.8.1, =0.2.1, =0.2.6, =0.1.2, =6.1.0, =1.0.1, =0.0.9, =0.0.1, =1.0.3, =1.0.0, =2.8.1, =1.0.0, =1.4.56 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...
codelift (>=1.0.1 <=1.0.15-canary.394.652cc97.0), graphql-server-micro (>=1.0.2 <=1.4.1) +8 more potentially affected by unknown CVE via apollo-server-micro (>=1.4.0 <=2.14.1)
apollo-server-micro NPM version =1.4.0, =1.0.1, =1.0.2, =1.0.0, =1.0.0, =2.0.0, =1.5.8, =0.1.0, =0.1.0, =1.0.0-rc.3, =1.0.0-rc.5 Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...
@bakjs/graphql (>=2.0.0 <=2.2.0), @clevyr/pavo-hapi-graphql (>=0.0.1 <=0.0.5) +14 more potentially affected by unknown CVE via apollo-server-hapi (>=1.2.0 <=1.4.0)
apollo-server-hapi NPM version =1.2.0, =2.0.0, =0.0.1, =0.1.0, =1.0.0, =0.0.51, =3.0.0, =1.0.2, =1.0.1, =0.2.2, =0.2.37 - trailpack-apollo =3.0.0-alpha.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...
Introspection in schema validation in Apollo Server
We encourage all users of Apollo Server to read this advisory in its entirety to understand the impact. The Resolution section contains details on patched versions. Impact If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not...