3136 matches found

vulnersOsv
added 2020/06/09 12:24 a.m., 5 views

@awoyotoyin/ts-graphql-yoga-express-starter (=1.0.0), @botsbotsbots/api (>=0.1.0-latest.5b715197 <=0.1.0-latest.d90c50ea) +152 more potentially affected by CVE-2020-4038 via graphql-playground-html (>=1.4.1 <=1.6.19)

graphql-playground-html NPM version =1.4.1, =0.1.0-latest.5b715197, =0.1.0, =0.1.1, =1.0.0, =0.0.1-beta, =4.0.0, =1.0.0, =1.7.0, =1.8.81, =1.8.81, =1.8.80, =1.6.26, =1.8.175 and more. Source CVEs: CVE-2020-4038. Source advisory: OSV:GHSA-4852-VRH7-28RF...

CVSS 7.4 | AI score 7.1 | EPSS 0.07243
Exploits 1
OSV
added 2020/06/09 12:24 a.m., 16 views

GHSA-4852-VRH7-28RF Reflected XSS in GraphQL Playground

Impact: directly impacted: [email protected] - all unsanitized user input for renderPlaygroundPage. All of our consuming packages of graphql-playground-html are impacted: [email protected] - unsanitized user input to expressPlayground - ...

CVSS 7.4 | AI score 7.3 | EPSS 0.07243
Exploits 1 | References 5
Github Security Blog
added 2020/06/09 12:24 a.m., 103 views

Reflected XSS in GraphQL Playground

Impact: directly impacted: [email protected] - all unsanitized user input for renderPlaygroundPage. All of our consuming packages of graphql-playground-html are impacted: [email protected] - unsanitized user input to expressPlayground - ...

CVSS 7.4 | AI score 0.2 | EPSS 0.07243
Exploits 1 | References 6 | Affected Software 1
CNVD
added 2020/06/09 12:00 a.m., 3 views

GraphQL Playground Cross-Site Scripting Vulnerability

GraphQL Playground is a graphical, interactive, in-browser GraphQL IDE (Integrated Development Environment) based on GraphiQL, from Prisma Labs, Germany. A cross-site scripting vulnerability exists in the GraphQL Playground graphql-playground-html NPM package. A remote attacker can exploit this...

CVSS 7.4 | AI score 6.4 | EPSS 0.07243
Exploits 1 | References 1
NVD
added 2020/06/08 9:15 p.m., 31 views

CVE-2020-4038

The GraphQL Playground graphql-playground-html NPM package before version 1.6.22 has a severe reflected XSS vulnerability. All unsanitized user input passed into the renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...

CVSS 7.4 | AI score 7.1 | EPSS 0.07243
Exploits 1 | References 3
OSV
added 2020/06/08 9:15 p.m., 15 views

CVE-2020-4038

The GraphQL Playground graphql-playground-html NPM package before version 1.6.22 has a severe reflected XSS vulnerability. All unsanitized user input passed into the renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...

CVSS 7.4 | AI score 7.1
Exploits 0 | References 3
Prion
added 2020/06/08 9:15 p.m., 19 views

Design/Logic Flaw

The GraphQL Playground graphql-playground-html NPM package before version 1.6.22 has a severe reflected XSS vulnerability. All unsanitized user input passed into the renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...

CVSS 4.3 | AI score 7.1 | EPSS 0.07243
Exploits 1 | References 3 | Affected Software 5
CVE
added 2020/06/08 8:40 p.m., 71 views

CVE-2020-4038

The CVE-2020-4038 entry concerns GraphQL Playground (graphql-playground-html) with an XSS reflection vulnerability in versions before 1.6.22, triggered by unsanitized input rendered in renderPlaygroundPage(). A patch is available in graphql-playground-html v1.6.22, and related middleware packages...

CVSS 7.4 | AI score 7.1 | EPSS 0.07243
Exploits 1 | References 3 | Affected Software 5
Cvelist
added 2020/06/08 8:40 p.m., 32 views

CVE-2020-4038 Reflected XSS in GraphQL Playground

The GraphQL Playground graphql-playground-html NPM package before version 1.6.22 has a severe reflected XSS vulnerability. All unsanitized user input passed into the renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...

CVSS 7.4 | AI score 7.1 | EPSS 0.07243
Exploits 1 | References 3
Veracode
added 2020/06/08 9:22 a.m., 17 views
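The entries above all describe the same defect: options that a middleware forwards from the request (for example the playground `endpoint`) reach the rendered playground page without being encoded for the HTML and inline-script contexts they land in. What follows is an added example, not code from graphql-playground-html or from any of the middleware packages listed here. It pairs a minimal renderer that reproduces the unsafe interpolation pattern (`renderPlaygroundUnsafe`) with a hardened one (`renderPlaygroundSafe`) that HTML-escapes text nodes and serializes the options object for the `<script>` block with `<` encoded, so a value cannot close the script element early. The function names, the page template and the `hostileOptions` input are hypothetical and constructed for the demonstration.

```javascript
// Added example, not graphql-playground-html's own code. Two renderers for a
// playground page: one that interpolates caller-supplied options straight into
// HTML and JavaScript (the pattern behind CVE-2020-4038), and one that encodes
// each value for the context it lands in. All names are hypothetical.

// Escape a string for an HTML text node or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Serialize an object for embedding inside a <script> block. JSON.stringify
// alone is not enough: a string containing "</script>" would end the script
// element early, so "<" is emitted as the JS escape \u003c. U+2028/U+2029 are
// escaped too, since older engines reject them inside string literals.
function serializeForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Vulnerable pattern: raw strings land in a text node and inside a JS string.
function renderPlaygroundUnsafe(options) {
  const { endpoint = '/graphql', title = 'GraphQL Playground' } = options;
  return [
    '<!DOCTYPE html><html><head>',
    `<title>${title}</title>`,
    '</head><body><div id="root"></div>',
    '<script>',
    `  GraphQLPlayground.init(document.getElementById('root'), { endpoint: '${endpoint}' })`,
    '</script></body></html>',
  ].join('\n');
}

// Hardened: every value is coerced to a string and encoded for its context.
function renderPlaygroundSafe(options) {
  const opts = {
    endpoint: String(options.endpoint ?? '/graphql'),
    title: String(options.title ?? 'GraphQL Playground'),
  };
  return [
    '<!DOCTYPE html><html><head>',
    `<title>${escapeHtml(opts.title)}</title>`,
    '</head><body><div id="root"></div>',
    '<script>',
    `  GraphQLPlayground.init(document.getElementById('root'), ${serializeForScript(opts)})`,
    '</script></body></html>',
  ].join('\n');
}

// Number of <script elements in a page. The template emits exactly one, so
// anything above that came from the options.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Constructed input, standing in for query-string values that a middleware
// might forward unchanged (e.g. ?endpoint=... on the playground route).
const hostileOptions = {
  endpoint: "x'});</script><script>alert(document.domain)</script>",
  title: '</title><script>alert(1)</script>',
};

console.log('unsafe page script tags:', countScriptTags(renderPlaygroundUnsafe(hostileOptions))); // 3
console.log('safe page script tags:  ', countScriptTags(renderPlaygroundSafe(hostileOptions)));   // 1
```

The two contexts need two different encoders: entity-escaping protects the `<title>` text node, while the inline script needs a serialization that survives the HTML parser (which ends a `<script>` element at the first `</script>` regardless of JavaScript string syntax). Passing the whole options object through one JSON serialization also removes the per-option string concatenation that made the original bug easy to reintroduce.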

Information Disclosure

apollo-server-cloudflare is vulnerable to information leakage. Lack of validation rule enforcement during subscription server creation, including the NoIntrospection rule for WebSockets, exposes GraphQL schema types, their relations, human-readable names and many... More information on the references...

AI score 1.1
Exploits 0
Veracode
added 2020/06/08 9:13 a.m., 8 views

Information Disclosure

apollo-server-hapi is vulnerable to information leakage. Lack of validation rule enforcement during subscription server creation, including the NoIntrospection rule for WebSockets, exposes GraphQL schema types, their relations, human-readable names and many... More information on the references...

AI score 1.1
Exploits 0
Veracode
added 2020/06/08 6:21 a.m., 14 views

Information Leakage

apollo-server-lambda is vulnerable to information leakage. Lack of validation rule enforcement during subscription server creation, including the NoIntrospection rule for WebSockets, exposes GraphQL schema types, their relations, human-readable names and many... More information on the references...

AI score 1.2
Exploits 0
Node.js
added 2020/06/05 8:20 p.m., 19 views

Information Exposure

Overview: Versions of apollo-server-lambda prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relatio...

AI score 6.7
Exploits 0 | Affected Software 1
Node.js
added 2020/06/05 7:51 p.m., 19 views

Information Exposure

Overview: Versions of apollo-server-hapi prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relations...

AI score 6.7
Exploits 0 | Affected Software 1
Node.js
added 2020/06/05 7:50 p.m., 16 views

Information Exposure

Overview: Versions of apollo-server-express prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their...

AI score 6.7
Exploits 0 | Affected Software 1
Node.js
added 2020/06/05 7:50 p.m., 19 views

Information Exposure

Overview: Versions of apollo-server-cloudflare prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their...

AI score 6.7
Exploits 0 | Affected Software 1
Node.js
added 2020/06/05 7:50 p.m., 17 views

Information Exposure

Overview: Versions of apollo-server-cloud-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, thei...

AI score 6.7
Exploits 0 | Affected Software 1
Node.js
added 2020/06/05 7:49 p.m., 15 views

Information Exposure

Overview: Versions of apollo-server-core prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relations...

AI score 6.7
Exploits 0 | Affected Software 1
Node.js
added 2020/06/05 7:49 p.m., 18 views

Information Exposure

Overview: Versions of apollo-server-cache-memcached prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, thei...

AI score 6.7
Exploits 0 | Affected Software 1
Node.js
added 2020/06/05 7:48 p.m., 23 views

Information Exposure

Overview: Versions of apollo-server-azure-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, thei...

AI score 6.7
Exploits 0 | Affected Software 1
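The apollo-server entries above all describe one gap: validation rules configured for the server, among them a rule that refuses introspection, were not applied when the subscription (WebSocket) server was created, so a query the HTTP endpoint rejected could be sent over the WebSocket and return the schema. What follows is an added example, not Apollo Server's code: a lexical NoIntrospection-style check (an approximation of the real validation rule, which works on the parsed document rather than the query text) and a toy server with an HTTP path and a subscription path, where `enforceOnSubscriptions: false` reproduces the reported behaviour. All names (`introspectionFields`, `noIntrospection`, `createServer`) are hypothetical and the queries are constructed.

```javascript
// Added example, not Apollo Server's code. A NoIntrospection-style check and a
// toy server with an HTTP path and a subscription (WebSocket) path, showing
// what happens when validation rules reach one path but not the other. All
// names are hypothetical.

const INTROSPECTION_FIELDS = new Set(['__schema', '__type']);

// Lexically scan a GraphQL document and return the introspection field names
// it uses. Comments and string literals are skipped, so "__schema" inside an
// argument value or a comment does not count. This approximates the real rule,
// which inspects the parsed document instead of the raw text.
function introspectionFields(query) {
  const found = [];
  let i = 0;
  while (i < query.length) {
    const c = query[i];
    if (c === '#') {                                   // comment to end of line
      while (i < query.length && query[i] !== '\n') i++;
    } else if (query.startsWith('"""', i)) {           // block string
      const end = query.indexOf('"""', i + 3);
      i = end < 0 ? query.length : end + 3;
    } else if (c === '"') {                            // plain string
      i++;
      while (i < query.length && query[i] !== '"') {
        if (query[i] === '\\') i++;                    // skip the escaped char
        i++;
      }
      i++;
    } else if (/[A-Za-z_]/.test(c)) {                  // name token
      let j = i;
      while (j < query.length && /[A-Za-z0-9_]/.test(query[j])) j++;
      const name = query.slice(i, j);
      if (INTROSPECTION_FIELDS.has(name)) found.push(name);
      i = j;
    } else {
      i++;
    }
  }
  return found;
}

// Validation rule in the shape the toy server expects: query -> error strings.
function noIntrospection(query) {
  const names = [...new Set(introspectionFields(query))];
  return names.length === 0
    ? []
    : [`GraphQL introspection is not allowed, but the query contained ${names.join(', ')}`];
}

// Toy server. enforceOnSubscriptions=false reproduces the reported behaviour:
// rules run on the HTTP path but are never handed to the subscription server,
// so the same query is accepted over WebSocket.
function createServer({ validationRules = [], enforceOnSubscriptions = true } = {}) {
  const validate = (query) => validationRules.flatMap((rule) => rule(query));
  const respond = (errors) => ({ accepted: errors.length === 0, errors });
  return {
    handleHttp(query) {
      return respond(validate(query));
    },
    handleSubscription(query) {
      return respond(enforceOnSubscriptions ? validate(query) : []);
    },
  };
}

// Constructed queries: one introspection query and one that only mentions the
// reserved names inside a comment and a string argument.
const introspectionQuery = 'query { __schema { types { name fields { name } } } }';
const innocuousQuery = '# not __schema\nquery { user(name: "__type") { id __typename } }';

const leakyServer = createServer({ validationRules: [noIntrospection], enforceOnSubscriptions: false });
const fixedServer = createServer({ validationRules: [noIntrospection] });

console.log('leaky, HTTP:        ', leakyServer.handleHttp(introspectionQuery).accepted);         // false
console.log('leaky, subscription:', leakyServer.handleSubscription(introspectionQuery).accepted); // true
console.log('fixed, subscription:', fixedServer.handleSubscription(introspectionQuery).accepted); // false
```

The practical check this suggests for any GraphQL deployment that disables introspection: send the same `__schema` query over every transport the server exposes (HTTP POST, GET, and the WebSocket subscription protocol) and confirm each one is refused, rather than testing only the path the rule was configured on.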