Information Exposure
Overview: Versions of apollo-server-lambda prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relatio...
8base-cli (>=0.0.80 <=0.0.90), @awoyotoyin/ts-graphql-yoga-express-starter (=1.0.0) +128 more potentially affected by unknown CVE via apollo-server-lambda (>=1.3.2 <=2.11.0)
apollo-server-lambda NPM version =1.3.2, =0.0.80, =0.1.0-latest.5b715197, =0.1.0, =0.1.1, =1.0.0, =0.0.1-beta, =1.0.0, =1.7.0, =0.0.1, =1.0.1-alpha.0, =1.0.0, =1.16.9 - @jokio/graphql-yoga =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...