2 matches found
Information Exposure
Overview: Versions of apollo-server-hapi prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relations...
@bakjs/graphql (>=2.0.0 <=2.2.0), @clevyr/pavo-hapi-graphql (>=0.0.1 <=0.0.5) +14 more potentially affected by unknown CVE via apollo-server-hapi (>=1.2.0 <=1.4.0)
apollo-server-hapi NPM version =1.2.0, =2.0.0, =0.0.1, =0.1.0, =1.0.0, =0.0.51, =3.0.0, =1.0.2, =1.0.1, =0.2.2, =0.2.37 - trailpack-apollo =3.0.0-alpha.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...