Lucene search
+L

6 matches found

NVD
NVD
added 2026/06/04 3:16 p.m.13 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

4.3CVSS0.00218EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/04 2:9 p.m.10 views

EUVD-2026-34270

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

3.1CVSS5.8AI score0.00218EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/04 2:9 p.m.9 views

CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

3.1CVSS5.8AI score0.00218EPSS
Exploits0References5
CVE
CVE
added 2026/06/04 2:9 p.m.29 views

CVE-2026-45739

The CVE affects Strawberry GraphQL versions 0.288.4 through 0.315.3, where the bundled GraphiQL template could serialize sensitive HTTP header values (e.g., Authorization: Bearer ) into the browser URL query string via the GraphiQL headers editor. This could leak header data to browser history, c...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/04 2:9 p.m.4 views

CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

3.1CVSS5.9AI score0.00218EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/19 3:55 p.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the graphiql template. An attacker can obtain sensitive HTTP header values by enticing a user to enter confidential...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References2
Rows per page
Query Builder