GraphQL - Moderately critical - Information Disclosure - SA-CONTRIB-2021-013
Project: GraphQL
Date: 2021-June-02
Security risk: Moderately critical 11∕25
Vulnerability: Information Disclosure
This module lets you craft and expose a GraphQL web service API.
The module does not sufficiently protect arbitrary exception and error messages, thereby exposing an information disclosure vulnerability.
This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data producer must be configured that throws exceptions with confidential error messages that must not be exposed over the GraphQL API.
Install the latest version:
- If you use the GraphQL module for Drupal 8.x, upgrade to GraphQL 8.x-4.1
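The class of leak described above, shown as an added example; it is not the GraphQL module's code and not its fix. It contrasts an error formatter that copies any exception message into the GraphQL `errors` entry with one that passes through only messages from exceptions explicitly marked safe. The `ClientSafe` interface, the function names and the sample messages are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical marker: only exceptions implementing it carry client-safe text.
interface ClientSafe {}
final class UserInputError extends InvalidArgumentException implements ClientSafe {}

// Weak: copies any exception message into the GraphQL "errors" entry.
function formatErrorVerbose(Throwable $e, array $path): array
{
    return ['message' => $e->getMessage(), 'path' => $path];
}

// Hardened: unmarked exceptions get a generic message; the detail goes to the
// server-side log under a reference id the client can quote to support.
function formatErrorMasked(Throwable $e, array $path, callable $log): array
{
    if ($e instanceof ClientSafe) {
        return ['message' => $e->getMessage(), 'path' => $path];
    }
    $ref = bin2hex(random_bytes(4));
    $log(sprintf('[%s] %s: %s', $ref, get_class($e), $e->getMessage()));
    return [
        'message' => 'Internal server error',
        'path' => $path,
        'extensions' => ['reference' => $ref],
    ];
}

$serverLog = [];
$log = function (string $line) use (&$serverLog): void { $serverLog[] = $line; };

// Constructed samples: one confidential failure, one deliberate user-facing error.
$failures = [
    [new RuntimeException('Access denied for user "shop_rw"@"db-internal-01"'), ['order', 'customer']],
    [new UserInputError('Argument "id" must be a positive integer.'), ['order']],
];
foreach ($failures as [$e, $path]) {
    echo json_encode([
        'verbose' => formatErrorVerbose($e, $path),
        'masked'  => formatErrorMasked($e, $path, $log),
    ], JSON_PRETTY_PRINT), PHP_EOL;
}
echo implode(PHP_EOL, $serverLog), PHP_EOL;
```

Only the first sample differs between the two outputs: the verbose entry carries the database account and host name, while the masked entry carries the generic message and a reference that matches the server log line.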