6 matches found
CVE-2026-45739
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
EUVD-2026-34270
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
CVE-2026-45739
The CVE affects Strawberry GraphQL versions 0.288.4 through 0.315.3, where the bundled GraphiQL template could serialize sensitive HTTP header values (e.g., Authorization: Bearer ) into the browser URL query string via the GraphiQL headers editor. This could leak header data to browser history, c...
CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
Insertion of Sensitive Information Into Sent Data
Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the graphiql template. An attacker can obtain sensitive HTTP header values by enticing a user to enter confidential...