46 matches found
CVE-2026-45739
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
CVE-2026-45739 Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
CVE-2026-45739
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...
CVE-2026-45739
The CVE affects Strawberry GraphQL versions 0.288.4 through 0.315.3, where the bundled GraphiQL template could serialize sensitive HTTP header values (e.g., Authorization: Bearer ) into the browser URL query string via the GraphiQL headers editor. This could leak header data to browser history, c...
Strawberry GraphQL 安全漏洞
Strawberry GraphQL is an open-source Python GraphQL library that utilizes type annotations. Versions 0.288.4 to 0.315.3 of Strawberry GraphQL contain security vulnerabilities. These vulnerabilities stem from the GraphiQL template writing values from the header editor into the browser URL query...
Insertion of Sensitive Information Into Sent Data
Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the graphiql template. An attacker can obtain sensitive HTTP header values by enticing a user to enter confidential...
GHSA-X97M-QP5C-W9XJ Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Summary Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value could become visible in browser history, copied links, and server/proxy/CDN access logs...
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Summary Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value could become visible in browser history, copied links, and server/proxy/CDN access logs...
PT-2026-41972
Name of the Vulnerable Software and Affected Versions Strawberry GraphQL versions 0.288.4 through 0.315.3 Description The bundled GraphiQL template in Strawberry GraphQL writes values from the headers editor into the browser URL query string. This occurs because the strawberry/static/graphiql.htm...
CVE-2026-42794
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
EUVD-2026-28799
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
absinthe_plug Has a Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
GHSA-C62G-J346-39V5 absinthe_plug Has a Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-42794
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-42794
CVE-2026-42794 is a reflected XSS in absinthe_plug via GraphiQL. The function Elixir.Absinthe.Plug.GraphiQL:js_escape/1 escapes single quotes and newlines in the query GET parameter but does not escape backslashes, enabling an attacker to prefix a quote with a backslash (e.g., ") to break out of ...
CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-42794
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
EEF-CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug
Summary Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines i...