Cross-site Request Forgery (CSRF)

Overview @apollo/explorer is a This repo hosts the source for Apollo Studio's Embeddable Explorer Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via missing origin validation in the window.postMessage process. An attacker can execute unauthorized GraphQL queri...

Apollo Studio Embeddable Explorer & Embeddable Sandbox 跨站请求伪造漏洞

Apollo Studio Embeddable Explorer & Embeddable Sandbox is an open source vectorization tool for Apollo GraphQL. A cross-site request forgery vulnerability exists in Apollo Studio Embeddable Explorer & Embeddable Sandbox, which stems from a lack of source validation when client code handles the...