3125 matches found
CVE-2021-41249
GraphQL Playground is a GraphQL IDE for development of GraphQL-focused applications. All versions of graphql-playground-react older than graphql-playground-react@1.7.28 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
Code injection
GraphQL Playground is a GraphQL IDE for development of GraphQL-focused applications. All versions of graphql-playground-react older than graphql-playground-react@1.7.28 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XS...
CVE-2021-41249
All sources describe a GraphQL Playground XSS in graphql-playground-react older than v1.7.28. The vulnerability arises from compromised HTTP introspection responses or schema prop values containing malicious GraphQL type names, enabling dynamic XSS and potential code execution when a user loads a...
CVE-2021-41249 XSS vulnerability in GraphQL Playground
GraphQL Playground is a GraphQL IDE for development of GraphQL-focused applications. All versions of graphql-playground-react older than graphql-playground-react@1.7.28 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
PT-2021-23212 · Unknown +1 · Graphql-Playground-React +2
Name of the Vulnerable Software and Affected Versions: graphiql versions prior to 1.4.7; graphql-playground-react versions prior to 1.7.28. Description: The vulnerability allows for compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a...
GraphQL Playground cross-site scripting vulnerability
GraphQL Playground is a graphical, interactive, in-browser GraphQL IDE (Integrated Development Environment) based on GraphiQL, from Prisma Labs, Germany. A cross-site scripting vulnerability exists in GraphQL Playground versions prior to 1.4.7, which stems from the software's lack of effective...
GraphQL Playground cross-site scripting vulnerability
GraphQL Playground is a graphical, interactive, in-browser GraphQL IDE (Integrated Development Environment) based on GraphiQL, from Prisma Labs, Germany. GraphQL Playground suffers from a cross-site scripting vulnerability that stems from the program's susceptibility to corrupt HTTP schema...
PT-2021-22751 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 14.2.6; GitLab CE/EE versions 14.3 through 14.3.4; GitLab CE/EE versions 14.4 through 14.4.1. Description: The issue is related to an Improper Access Control vulnerability in the GraphQL API. This vulnerability...
What is Graphql ❓ Definition with Example
Anyone who is involved in app development will be familiar with GraphQL, a highly useful query language making tons of things right for app developers and security managers. When handled perfectly and diligently, GraphQL holds the power to empower the traditional process of data retrievals,...
GHSA-R7RH-G777-G5GX SilverStripe GraphQL Server permission checker not inherited by query subclass.
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
SilverStripe GraphQL Server permission checker not inherited by query subclass.
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
Shopify: Bypass a fix for report #708013
Summary: customerAccessTokenCreate mutation in the Storefront API does not correctly throttle login attempts. An issue in similar report https://hackerone.com/reports/708013 was already fixed, however, there is still a bypass. Steps To Reproduce: 1. Grab a Storefront API Token I got it from the B...
CVE-2021-28661
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
Design/Logic Flaw
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
CVE-2021-28661
The CVE-2021-28661 entry concerns the SilverStripe GraphQL Server (silverstripe/graphql) versions 3.x through 3.4.1, where the permission checker is not inherited by a query subclass. This is identified as a permission-related issue in the GraphQL server component, with the underlying root cause ...
PT-2021-17888 · Silverstripe · Silverstripe Graphql Server
Name of the Vulnerable Software and Affected Versions: SilverStripe GraphQL Server versions 3.x through 3.4.1. Description: The issue concerns a permission checker not being inherited by a query subclass in the SilverStripe GraphQL Server. Recommendations: For versions 3.x through 3.4.1, update to...
Silverstripe SilverStripe access control error vulnerability
SilverStripe is an open-source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform use and other features. An access control error vulnerability exists in SilverStripe...