The Apollo GraphQL server is configured with the 'schemaDirectives' option. This option works in ApolloServer v2, but does nothing in versions >=3. Depending on what the directives are used for, this can expose endpoints that are meant to require authentication, disable rate limiting, and more. See the references on how to create custom directives in v3 and v4.
languages: [js, ts]
severity: ERROR
metadata:
  category: security
  cwe: "CWE-686: Function Call With Incorrect Argument Type"
  subcategory: [vuln]
  confidence: MEDIUM
  likelihood: MEDIUM
  impact: HIGH
  technology:
    - graphql
    - apollo-graphql-server
  description: "Use of outdated ApolloServer option 'schemaDirectives'"
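
An added example (not part of this rule or of Apollo's code): a startup guard that fails closed when an options object still carries 'schemaDirectives' on ApolloServer v3 or later, and lists which directives applied in the schema would go unenforced. The function names, the `apolloMajor` parameter and the sample options are assumptions constructed for illustration.

```javascript
// Directives defined by the GraphQL spec; they need no custom implementation.
const BUILT_IN = new Set(['skip', 'include', 'deprecated', 'specifiedBy']);

// Custom directive names applied in SDL text, e.g. "@auth" on a field.
// Only string typeDefs are scanned; parsed documents are skipped (sketch limit).
// Descriptions, string arguments and comments are dropped before matching.
function directivesInSdl(typeDefs) {
  const sdl = [].concat(typeDefs || [])
    .filter((t) => typeof t === 'string').join('\n')
    .replace(/"""[\s\S]*?"""|"(?:\\.|[^"\\])*"|#.*/g, '');
  const names = new Set();
  for (const m of sdl.matchAll(/@([A-Za-z_][A-Za-z0-9_]*)/g)) {
    if (!BUILT_IN.has(m[1])) names.add(m[1]);
  }
  return names;
}

// Audit an options object before it reaches `new ApolloServer(options)`.
// apolloMajor is passed in by the caller (assumption: the pinned major is known).
function auditDirectiveOptions(options, apolloMajor) {
  const legacy = options.schemaDirectives;
  if (apolloMajor < 3 || legacy === undefined) return { ok: true, unenforced: [] };
  const used = directivesInSdl(options.typeDefs);
  // Registered only through the ignored option, yet applied in the schema.
  const unenforced = Object.keys(legacy || {}).filter((n) => used.has(n)).sort();
  return { ok: false, unenforced };
}

// Fail closed: refuse to start rather than serve fields without their checks.
function assertDirectivesEnforced(options, apolloMajor) {
  const { ok, unenforced } = auditDirectiveOptions(options, apolloMajor);
  if (!ok) {
    throw new Error(`schemaDirectives is ignored by ApolloServer v${apolloMajor}; ` +
      `unenforced: ${unenforced.join(', ') || 'none found in string typeDefs'}`);
  }
  return options;
}

// Constructed sample configuration (not from any real project).
const sampleOptions = {
  typeDefs: `
    type Query {
      me: String @auth(requires: "USER")
      search(q: String): [String] @rateLimit(max: 10)
      version: String @deprecated(reason: "use build")
    }`,
  schemaDirectives: { auth: class {}, rateLimit: class {} },
};
```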