DRUPAL-CONTRIB-2021-013

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/graphql/DRUPAL-CONTRIB-2021-013.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-013
Published
2021-06-02T16:56:19Z
Modified
2025-12-10T23:31:56.805610Z
Summary
[none]
Details

This module lets you craft and expose a GraphQL web service API.

The module does not sufficiently protect arbitrary exception and error messages, which results in an information disclosure vulnerability.

This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data producer must be configured that throws exceptions with confidential error messages that must not be exposed over the GraphQL API.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/graphql

Package

Name
drupal/graphql
Purl
pkg:composer/drupal/graphql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Last affected
4.0.0
Database specific
{
    "constraint": "4.0.0"
}

Database specific

affected_versions
"4.0.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/graphql/DRUPAL-CONTRIB-2021-013.json"