GraphQL - Moderately critical - Information Disclosure - SA-CONTRIB-2021-013
Project: GraphQL
Date: 2021-June-02
Security risk: Moderately critical 11∕25
Vulnerability: Information Disclosure
Description
This module lets you craft and expose a GraphQL web service API.
The module does not sufficiently protect arbitrary exception and error messages, which results in an information disclosure vulnerability.
This vulnerability is mitigated by the fact that a GraphQL server must be enabled, and a data producer must be configured that throws exceptions whose error messages are confidential and must not be exposed over the GraphQL API.
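A simplified model of this flaw class, added here as an illustration and not taken from the GraphQL module or its fix: a data producer throws an exception with an internal message, and two error formatters show the leaking and the masked handling. The names `ClientSafe`, `UserInputError`, `loadInvoice`, `formatErrorLeaky`, `formatErrorMasked` and `execute` are hypothetical, and the error text is constructed.

```php
<?php
// Added illustration; not code from the Drupal GraphQL module. All names are hypothetical.

// Marker for exceptions whose message was written to be shown to API clients.
interface ClientSafe {}

final class UserInputError extends InvalidArgumentException implements ClientSafe {}

// Constructed data producer: fails with a message that embeds internal details.
function loadInvoice(int $id): array {
    if ($id <= 0) {
        throw new UserInputError('Invoice id must be a positive integer.');
    }
    throw new RuntimeException("Query failed on billing-db.internal: invoice_secret table, id $id");
}

// Vulnerable shape: every exception message is copied into the response.
function formatErrorLeaky(Throwable $e): array {
    return ['message' => $e->getMessage()];
}

// Hardened shape: only opted-in exceptions keep their message; everything else
// is logged server-side and replaced by a generic message plus a correlation id.
function formatErrorMasked(Throwable $e): array {
    if ($e instanceof ClientSafe) {
        return ['message' => $e->getMessage()];
    }
    $ref = bin2hex(random_bytes(4));
    error_log("graphql error [$ref] " . get_class($e) . ': ' . $e->getMessage());
    return ['message' => 'Internal server error', 'extensions' => ['ref' => $ref]];
}

// Resolve one field and build a GraphQL-style response body.
function execute(int $id, callable $formatter): string {
    try {
        return json_encode(['data' => ['invoice' => loadInvoice($id)]]);
    } catch (Throwable $e) {
        return json_encode(['data' => ['invoice' => null], 'errors' => [$formatter($e)]]);
    }
}

// Leaky formatter: the producer's internal message ends up in "errors".
echo execute(7, 'formatErrorLeaky'), PHP_EOL;
// Masked formatter: the same failure is reduced to a generic message for the client.
echo execute(7, 'formatErrorMasked'), PHP_EOL;
// Masked formatter: a client-safe validation message is passed through unchanged.
echo execute(0, 'formatErrorMasked'), PHP_EOL;
```

The correlation id lets an operator match a client report to the full message in the server log without exposing that message over the API.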
Solution
Install the latest version:
- If you use the GraphQL module for Drupal 8.x, upgrade to GraphQL 8.x-4.1