Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:21 p.m.8 views

CVE-2021-41248

GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

7.1CVSS6.4AI score0.01032EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/11/08 6:6 p.m.6 views

@graphql-mesh/cli (>=0.12.0 <=0.19.2), @graphql-mesh/container (>=0.0.4 <=0.0.6) potentially affected by CVE-2021-41248 +1 more via graphql-playground-react (=1.7.27)

graphql-playground-react NPM version =1.7.27 is affected by a known vulnerability. The following packages have a transitive dependency on graphql-playground-react and may be impacted: - @graphql-mesh/cli =0.12.0, =0.0.4, =0.0.6 Source cves: CVE-2021-41248, CVE-2021-41249 Source advisory:...

7.1CVSS6.7AI score0.01182EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/11/08 6:3 p.m.4 views

@abtnode/cli (>=1.8.68 <=1.8.69-beta-e0666d0d), @abtnode/webapp (>=1.8.68 <=1.8.69-beta-e0666d0d) +72 more potentially affected by CVE-2021-41248 +1 more via graphiql (>=0.5.0 <=1.4.6)

graphiql NPM version =0.5.0, =1.8.68, =1.8.68, =2.1.58, =0.1.6, =0.0.0, =0.0.0-nightly-20240830022837, =0.0.0-nightly-20231117021546, =0.0.0-nightly-2020972106, =0.1.1-alpha.19, =0.0.0-nightly-2020972106, =1.7.1, =1.8.68, =1.0.0, =1.0.0-beta.1, =4.1.9 and more Source cves: CVE-2021-41248,...

7.1CVSS6.6AI score0.01182EPSS
Exploits0
CVE
CVE
added 2021/11/04 8:15 p.m.75 views

CVE-2021-41248

CVE-2021-41248 affects GraphiQL and all forks where schemas may be loaded from attacker-controlled endpoints. Vulnerable in graphiql and forks prior to [email protected] via compromised HTTP introspection responses or schema props containing malicious GraphQL type names, enabling a dynamic XSS attac...

7.1CVSS5.1AI score0.01032EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder