graphql-code-generator@0.19.0-alpha.edb3d7fa vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the graphql-code-generator package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Insecure Default Configuration

graphql-code-generator is a tool that generates code out of your GraphQL schema.

Affected versions of this package are vulnerable to Insecure Default Configuration. The NODE_TLS_REJECT_UNAUTHORIZED environment variable is set to the value 0 in all versions of the package disabling certificate verification. This flaw can be exploited by a Man-in-the-middle (MiTM) attacker, resulting in an attacker able to view a victim's HTTPS traffic.

It should be noted that during the release of graphql-code-generator version 1.1.0, the CLI component was amended to be a separate package "@graphql-codegen/cli".

How to fix Insecure Default Configuration?

Upgrade graphql-code-generator to version 1.1.0 or higher.

<1.1.0