88 matches found
@commercial/hapi (=19.0.2), @hapi/hapi (>=19.0.0 <=19.0.4) +7 more potentially affected by unknown CVE via @hapi/accept (=4.0.1)
@hapi/accept NPM version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @hapi/accept and may be impacted: - @commercial/hapi =19.0.2 - @hapi/hapi =19.0.0, =0.0.3, =0.27.0, =0.27.0, =0.9.0, =2.0.4, =5.0.2 Source cves: unknown CVE Source advisory...
Information Disclosure
apollo-server-cloud-functions is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Disclosure
apollo-server-fastify is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Disclosure
apollo-server-micro is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Disclosure
apollo-server-express is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Disclosure
apollo-server-core is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Disclosure
apollo-server is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Disclosure
apollo-server-koa is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Exposure
Overview Versions of apollo-server-lambda prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their relatio...
Information Exposure
Overview Versions of apollo-server-micro prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their relation...
Information Exposure
Overview Versions of apollo-server-koa prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their relations...
Information Exposure
Overview Versions of apollo-server-hapi prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their relations...
Information Exposure
Overview Versions of apollo-server-fastify prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their...
Information Exposure
Overview Versions of apollo-server-express prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their...
Information Exposure
Overview Versions of apollo-server-cloud-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, thei...
Information Exposure
Overview Versions of apollo-server-cache-memcached prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, thei...
Information Exposure
Overview Versions of apollo-server-azure-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, thei...
Information Exposure
Overview Versions of apollo-server prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their relations and...
@bakjs/graphql (>=2.0.0 <=2.2.0), @clevyr/pavo-hapi-graphql (>=0.0.1 <=0.0.5) +14 more potentially affected by unknown CVE via apollo-server-hapi (>=1.2.0 <=1.4.0)
apollo-server-hapi NPM version =1.2.0, =2.0.0, =0.0.1, =0.1.0, =1.0.0, =0.0.51, =3.0.0, =1.0.2, =1.0.1, =0.2.2, =0.2.37 - trailpack-apollo =3.0.0-alpha.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...
@hello10/jump-server (>=1.0.0 <=1.1.3) potentially affected by unknown CVE via apollo-server-cloud-functions (=2.13.0)
apollo-server-cloud-functions NPM version =2.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-server-cloud-functions and may be impacted: - @hello10/jump-server =1.0.0, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...