Stack Trace Disclosure (GraphQL)

Severity:

Low

Summary

Invicti identified a stack trace disclosure (GraphQL) in the target web server's HTTP response.

Impact

An attacker can obtain information such as:

Stack trace.
Information about the generated exception.

This information might help an attacker gain more information and potentially focus on the development of further attacks for the target system.

Remediation

Please refer to the documentation of your respective GraphQL library to find out the correct way to disable stack traces. This varies from framework to framework and may change as new versions are released.

Required Skills for Successful Exploitation

Actions To Take

Classifications

PCI v3.2-6.5.5

CAPEC-214

CWE-248

HIPAA-164.306(a), 164.308(a)

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Version Disclosure (RubyGems)

Cherokee Identified

Internal Path Disclosure (Windows)

Version Disclosure (CakePHP Framework)

Server-Side Template Injection (Java FreeMarker)

Stack Trace Disclosure (GraphQL)

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.