45 matches found
CVE-2021-41248
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
Code injection
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than email protected are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
CVE-2021-41248 XSS vulnerability in GraphiQL
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
CVE-2021-41248
CVE-2021-41248 affects GraphiQL and all forks where schemas may be loaded from attacker-controlled endpoints. Vulnerable in graphiql and forks prior to [email protected] via compromised HTTP introspection responses or schema props containing malicious GraphQL type names, enabling a dynamic XSS attac...
PT-2021-23212 · Unknown +1 · Graphql-Playground-React +2
Name of the Vulnerable Software and Affected Versions: graphiql versions prior to 1.4.7 graphql-playground-react versions prior to 1.7.28 Description: The vulnerability allows for compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a...