5 matches found
@aiswarm/api-graphql (>=0.1.0 <=0.1.9), @aiswarm/conductor (>=0.1.1 <=0.1.9) +55 more potentially affected by CVE-2026-30241 via mercurius (>=10.5.1 <=16.1.0)
mercurius NPM version =10.5.1, =0.1.0, =0.1.1, =0.1.1, =0.1.2, =0.3.0, =0.3.0, =1.0.0, =1.0.16, =0.0.3, =0.1.0, =0.1.0, =2.37.0, =2.64.0 and more Source cves: CVE-2026-30241 Source advisory: OSV:GHSA-M4H2-MJFM-MP55...
GHSA-V66J-6WWF-JC57 Mercurius: Incorrect Content-Type parsing can lead to CSRF attack
Summary: A Cross-Site Request Forgery (CSRF) vulnerability was identified in Mercurius versions 16. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as application/x-www-form-urlencoded, multipart/form-data, or...
Mercurius: Incorrect Content-Type parsing can lead to CSRF attack
Summary: A Cross-Site Request Forgery (CSRF) vulnerability was identified in Mercurius versions 16. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as application/x-www-form-urlencoded, multipart/form-data, or...
Mercurius security vulnerability
Mercurius is an open-source GraphQL adapter developed by mercurius-js. Versions of Mercurius prior to 16.4.0 contained a security vulnerability, which was caused by incorrect parsing of the Content-Type header. This vulnerability could lead to Cross-Site Request Forgery attacks...
EUVD-2021-2420
Malware in sbrugna...