Description

We identified a potential security vulnerability within your web application that utilizes GraphQL. The application is inadvertently disclosing sensitive exception details, such as error messages and stack traces, through the errors.message.extensions.exception.stack response properties. This information leakage poses a risk to the application's security posture, as attackers could exploit the exposed details to gain further insight into the system's architecture and potentially launch more targeted attacks.

Remediation

  • Implement proper error handling mechanisms in the GraphQL server to catch and manage exception errors. Ensure that exceptions are caught and handled at the appropriate level within the application. Utilize try-catch blocks to manage exceptions and avoid unhandled errors.
  • Replace detailed error messages with generic ones that do not disclose sensitive information. Error messages should be informative enough for users to understand the issue but not specific enough to reveal underlying system details that may be exploited by attackers.

References

Related Vulnerabilities