@awoyotoyin/ts-graphql-yoga-express-starter (=1.0.0), @botsbotsbots/api (>=0.1.0-latest.5b715197 <=0.1.0-latest.d90c50ea) +152 more potentially affected by CVE-2020-4038 via graphql-playground-html (>=1.4.1 <=1.6.19)
graphql-playground-html NPM versions =1.4.1, =0.1.0-latest.5b715197, =0.1.0, =0.1.1, =1.0.0, =0.0.1-beta, =4.0.0, =1.0.0, =1.7.0, =1.8.81, =1.8.81, =1.8.80, =1.6.26, =1.8.175 and more. Source CVEs: CVE-2020-4038. Source advisory: OSV:GHSA-4852-VRH7-28RF...
GHSA-4852-VRH7-28RF Reflected XSS in GraphQL Playground
Impact. Directly impacted: [email protected] (all unsanitized user input for renderPlaygroundPage). All of our consuming packages of graphql-playground-html are impacted: [email protected] (unsanitized user input to expressPlayground) ...
GraphQL Playground Cross-Site Scripting Vulnerability
GraphQL Playground is a graphical, interactive, in-browser GraphQL IDE (Integrated Development Environment) based on GraphiQL, from Prisma Labs, Germany. A cross-site scripting vulnerability exists in the GraphQL Playground graphql-playground-html NPM package. A remote attacker can exploit this...
CVE-2020-4038
The GraphQL Playground graphql-playground-html NPM package before version 1.6.22 has a severe reflected XSS vulnerability. All unsanitized user input passed into the renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...
Design/Logic Flaw
The GraphQL Playground graphql-playground-html NPM package before version 1.6.22 has a severe reflected XSS vulnerability. All unsanitized user input passed into the renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...
CVE-2020-4038
The CVE-2020-4038 entry concerns GraphQL Playground (graphql-playground-html) with an XSS reflection vulnerability in versions before 1.6.22, triggered by unsanitized input rendered in renderPlaygroundPage(). A patch is available in graphql-playground-html v1.6.22, and related middleware packages...
CVE-2020-4038 Reflected XSS in GraphQL Playground
The GraphQL Playground graphql-playground-html NPM package before version 1.6.22 has a severe reflected XSS vulnerability. All unsanitized user input passed into the renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...
Information Disclosure
apollo-server-cloudflare is vulnerable to information leakage. Validation rules, including the NoIntrospection rule for websockets, are not enforced when the subscription server is created, which exposes GraphQL schema types, their relations, human-readable names and many... More information on the references...
Information Disclosure
apollo-server-hapi is vulnerable to information leakage. Validation rules, including the NoIntrospection rule for websockets, are not enforced when the subscription server is created, which exposes GraphQL schema types, their relations, human-readable names and many... More information on the references...
Information Leakage
apollo-server-lambda is vulnerable to information leakage. Validation rules, including the NoIntrospection rule for websockets, are not enforced when the subscription server is created, which exposes GraphQL schema types, their relations, human-readable names and many... More information on the references...
Information Exposure
Overview. Versions of apollo-server-lambda prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relatio...
Information Exposure
Overview. Versions of apollo-server-hapi prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relations...
Information Exposure
Overview. Versions of apollo-server-express prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their...
Information Exposure
Overview. Versions of apollo-server-cloudflare prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their...
Information Exposure
Overview. Versions of apollo-server-cloud-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, thei...
Information Exposure
Overview. Versions of apollo-server-core prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relations...
Information Exposure
Overview. Versions of apollo-server-cache-memcached prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, thei...
Information Exposure
Overview. Versions of apollo-server-azure-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, thei...