48 matches found
GHSA-X4R7-M2Q9-69C8 GraphiQL introspection schema template injection attack
Impact - 2. Scope - 3. Patches - 3.1 CDN bundle implementations may be automatically patched - 4. Workarounds for Older Versions - 5. How to Re-create the Exploit - 6. Credit - 7. References - 8. For more information This is a security advisory for an XSS vulnerability in graphiql. A similar...
GraphiQL introspection schema template injection attack
Impact - 2. Scope - 3. Patches - 3.1 CDN bundle implementations may be automatically patched - 4. Workarounds for Older Versions - 5. How to Re-create the Exploit - 6. Credit - 7. References - 8. For more information This is a security advisory for an XSS vulnerability in graphiql. A similar...
CVE-2021-41248
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
CVE-2021-41248
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
Code injection
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than email protected are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
CVE-2021-41248
CVE-2021-41248 affects GraphiQL and all forks where schemas may be loaded from attacker-controlled endpoints. Vulnerable in graphiql and forks prior to [email protected] via compromised HTTP introspection responses or schema props containing malicious GraphQL type names, enabling a dynamic XSS attac...
CVE-2021-41248 XSS vulnerability in GraphiQL
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
PT-2021-23212 · Unknown +1 · Graphql-Playground-React +2
Name of the Vulnerable Software and Affected Versions: graphiql versions prior to 1.4.7 graphql-playground-react versions prior to 1.7.28 Description: The vulnerability allows for compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a...