This module lets you craft and expose a GraphQL web service API.
The module does not sufficiently protect arbitrary exception and error messages thereby exposing an information disclosure vulnerability.
This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data producer be configured that throws exceptions with confidential error messages that must not be exposed over the GraphQL API.