Lucene search
+L

48 matches found

osv
osv
added 2021/11/08 6:3 p.m.11 views

GHSA-X4R7-M2Q9-69C8 GraphiQL introspection schema template injection attack

Impact - 2. Scope - 3. Patches - 3.1 CDN bundle implementations may be automatically patched - 4. Workarounds for Older Versions - 5. How to Re-create the Exploit - 6. Credit - 7. References - 8. For more information This is a security advisory for an XSS vulnerability in graphiql. A similar...

7.1CVSS6AI score0.01182EPSS
Exploits0References8
github
github
added 2021/11/08 6:3 p.m.65 views

GraphiQL introspection schema template injection attack

Impact - 2. Scope - 3. Patches - 3.1 CDN bundle implementations may be automatically patched - 4. Workarounds for Older Versions - 5. How to Re-create the Exploit - 6. Credit - 7. References - 8. For more information This is a security advisory for an XSS vulnerability in graphiql. A similar...

7.1CVSS0.4AI score0.01032EPSS
Exploits0References8Affected Software1
nvd
nvd
added 2021/11/04 9:15 p.m.23 views

CVE-2021-41248

GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

7.1CVSS0.01032EPSS
Exploits0References3
osv
osv
added 2021/11/04 9:15 p.m.12 views

CVE-2021-41248

GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

4.7CVSS4.8AI score
Exploits0References3
prion
prion
added 2021/11/04 9:15 p.m.19 views

Code injection

GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than email protected are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

2.6CVSS4.7AI score0.01032EPSS
Exploits0References3Affected Software1
cve
cve
added 2021/11/04 8:15 p.m.76 views

CVE-2021-41248

CVE-2021-41248 affects GraphiQL and all forks where schemas may be loaded from attacker-controlled endpoints. Vulnerable in graphiql and forks prior to [email protected] via compromised HTTP introspection responses or schema props containing malicious GraphQL type names, enabling a dynamic XSS attac...

7.1CVSS5.1AI score0.01032EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2021/11/04 8:15 p.m.49 views

CVE-2021-41248 XSS vulnerability in GraphiQL

GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

7.1CVSS6.9AI score0.01032EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2021/11/04 12:0 a.m.15 views

PT-2021-23212 · Unknown +1 · Graphql-Playground-React +2

Name of the Vulnerable Software and Affected Versions: graphiql versions prior to 1.4.7 graphql-playground-react versions prior to 1.7.28 Description: The vulnerability allows for compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a...

7.1CVSS6.5AI score0.01182EPSS
Exploits0References16
Rows per page
Query Builder