11 matches found
2mxdev-gql-gateway (=1.0.0), 4m-node-server (>=0.0.1 <=0.0.8) +3178 more potentially affected by unknown CVE via apollo-server-core (>=1.3.2 <=3.9.0)
apollo-server-core NPM version =1.3.2, =0.0.1, =1.0.2, =0.0.80, =3.10.1, =1.2.0-pre.24, =1.0.1, =1.0.0, =1.0.0, =0.5.0, =1.0.0, =0.1.3, =0.0.1, =0.1.1, =0.0.1, =0.0.5 and more Source cves: unknown CVE Source advisory: SNYK:JS-APOLLOSERVERCORE-15790567...
2mxdev-gql-gateway (=1.0.0), 4m-node-server (>=0.0.1 <=0.0.8) +3174 more potentially affected by unknown CVE via apollo-server-core (>=1.3.2 <=3.13.0)
apollo-server-core NPM version =1.3.2, =0.0.1, =1.0.2, =0.0.80, =3.10.1, =1.2.0-pre.24, =1.0.1, =1.0.0, =1.0.0, =0.5.0, =1.0.0, =0.1.3, =0.1.0, =0.4.52, =0.0.1, =0.0.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9Q82-XGWF-VJ6H...
Information Exposure
Overview: apollo-server-core is a core module of the Apollo community GraphQL Server. Affected versions of this package are vulnerable to Information Exposure in the request handling process. An attacker can infer sensitive information about server responses by issuing specially crafted...
Information Disclosure
@apollo/server and apollo-server-core are vulnerable to Information Disclosure. The vulnerability is due to a lack of masking for sensitive information such as Studio API keys, which can end up getting logged if they are passed incorrectly with leading/trailing whitespace or if they have any invalid...
8base-cli (>=0.0.80 <=0.0.90), @3wks/gae-node-nestjs (>=0.1.3 <=5.2.0-rc3) +522 more potentially affected by unknown CVE via apollo-server-core (>=1.3.2 <=2.25.3)
apollo-server-core NPM version =1.3.2, =0.0.80, =0.1.3, =0.1.1, =2018.8.28-0, =0.0.1, =2.11.0, =0.0.1-alpha, =2.0.0, =0.1.0-alpha.10a87555, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-J5G3-5C8R-7QFX...
@a11ywatch/a11ywatch (>=0.1.0 <=0.3.82), @a11ywatch/core (>=0.4.52 <=0.8.17) +23 more potentially affected by unknown CVE via apollo-server-core (>=3.10.0 <=3.12.0)
apollo-server-core NPM version =3.10.0, =0.1.0, =0.4.52, =4.9.2, =1.0.0, =1.1.0, =1.0.0, =0.1.0-alpha.0, =0.1.0-alpha.1, =0.1.0-alpha.0, =0.1.0-alpha.0, =0.1.0-alpha.0, =10.7.1, =3.0.0-beta.1, =9.0.0, =2.0.0-beta.7, =2.1.0-alpha.3 and more Source cves: unknown CVE Source advisory:...
@a11ywatch/a11ywatch (>=0.1.0 <=0.1.65), @a11ywatch/core (>=0.4.52 <=0.5.158) +11 more potentially affected by unknown CVE via apollo-server-core (>=3.10.0 <=3.10.4)
apollo-server-core NPM version =3.10.0, =0.1.0, =0.4.52, =0.1.0-alpha.0, =0.1.0-alpha.1, =0.1.0-alpha.0, =0.1.0-alpha.0, =0.1.0-alpha.0, =10.7.1, =9.0.0, =2.0.0-beta.7, =1.0.0, =4.13.1, =1.3.0-beta.2, =2.0.0-beta.2 Source cves: unknown CVE Source advisory: OSV:GHSA-8R69-3CVP-WXC3...
@a11ywatch/a11ywatch (>=0.1.0 <=0.1.65), @a11ywatch/core (>=0.4.52 <=0.5.12) +2 more potentially affected by unknown CVE via apollo-server-core (=3.10.0)
apollo-server-core NPM version =3.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-server-core and may be impacted: - @a11ywatch/a11ywatch =0.1.0, =0.4.52, =10.7.1, =9.0.0, =9.0.1 Source cves: unknown CVE Source advisory:...
GHSA-2FVV-QXRQ-7JQ6 apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Impact: The default landing page contained HTML to display a sample curl command which is made visible if the full landing page bundle could not be fetched from Apollo's CDN. The server's URL is directly interpolated into this command inside the browser from window.location.href. On some older...
Information Disclosure
apollo-server-core is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
8base-cli (>=0.0.80 <=0.0.90), @3wks/gae-node-nestjs (>=0.1.3 <=5.2.0-rc3) +495 more potentially affected by unknown CVE via apollo-server-core (>=1.3.2 <=2.12.0)
apollo-server-core NPM version =1.3.2, =0.0.80, =0.1.3, =0.1.1, =2018.8.28-0, =0.0.1, =2.11.0, =0.0.1-alpha, =2.0.0, =0.1.0-alpha.10a87555, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...