42 matches found
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in @apollo/gateway...
Prototype Pollution
Overview Versions of @apollo/gateway prior to 0.6.2 are vulnerable to Prototype Pollution. The package uses deepMerge to merge objects, which may allow attackers to alter the Object prototype through queries with GraphQL aliases. Carefully constructed payloads can override properties of all objec...