
4 matches found

ATTACKERKB
added 3 hours ago, 2 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

CVSS 3.1, AI score 5.8
Exploits: 0, References: 6, Affected Software: 1
CVE
added 3 hours ago, 9 views

CVE-2026-45739

Strawberry GraphQL versions 0.288.4–0.315.3 expose sensitive HTTP header values entered in the bundled GraphiQL editor via the URL query parameter headers, which can appear in history, copied links, or logs. Root cause: GraphiQL URL-sharing code serialized headers into the URL (updateURL called o...

CVSS 3.1, AI score 5.8
Exploits: 0, References: 5
Snyk
added 2026/05/19 3:55 p.m., 3 views

Insertion of Sensitive Information Into Sent Data

Overview: strawberry-graphql is a library for creating GraphQL APIs. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the graphiql template. An attacker can obtain sensitive HTTP header values by enticing a user to enter confidential...

CVSS 3.1, AI score 5.8
Exploits: 0, References: 2
Positive Technologies
added 2026/05/19 12:00 a.m., 6 views

PT-2026-41972

Name of the Vulnerable Software and Affected Versions: Strawberry GraphQL versions 0.288.4 through 0.315.3. Description: The bundled GraphiQL template in Strawberry GraphQL writes values from the headers editor into the browser URL query string. This occurs because the strawberry/static/graphiql.htm...

CVSS 3.1, AI score 6
Exploits: 0, References: 9