Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove _openAPIToGraphQL from arbitrary JSON in arrays #450

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

cwisdo
Copy link

@cwisdo cwisdo commented Mar 9, 2022

I observed this leak in a mutation that returned an array of arbitrary JSON objects representing rows of data (attribute-value pairs). In addition to leaking the security information, it increased the data size significantly as every JSON object at the second level contained the data.

@cwisdo cwisdo changed the title Remove _openAPIToGraphQL from arbitrary JSON in arrays [sc-4714] Remove _openAPIToGraphQL from arbitrary JSON in arrays Mar 9, 2022
@cwisdo cwisdo force-pushed the fix-nested-openAPIToGraphQL-exposure branch from aadb016 to b594dc8 Compare April 5, 2022 19:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant