28 matches found

RedhatCVE
added 2026/01/09 8:54 a.m. · 5 views

CVE-2021-41249

GraphQL Playground is a GraphQL IDE for development of GraphQL-focused applications. All versions of graphql-playground-react older than graphql-playground-react@1.7.28 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

7.1 CVSS · 6.5 AI score · 0.00362 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-2300

Malware in sbrugna...

7.1 CVSS · 5.3 AI score · 0.00362 EPSS
Exploits: 0 · References: 7
Gitee
added 2025/09/14 5:19 a.m. · 92 views

graphql-playground

It is an offensive tool for GraphQL. This repository contains a proof-of-concept PoC exploit for a vulnerability in the GraphQL Playground, a popular IDE for GraphQL development. The exploit targets an XSS Reflection attack vulnerability in the graphql-playground-html package, which was resolved ...

6.3 AI score
Exploits: 0
Gitee
added 2025/09/06 2:36 a.m. · 93 views

graphql-playground

This repository is an offensive tool for GraphQL. It is a GraphQL IDE for better development workflows, featuring context-aware autocompletion and error highlighting, interactive, multi-column docs, and support for real-time GraphQL Subscriptions. The tool is vulnerable to an XSS Reflection attac...

6.4 AI score
Exploits: 0
Gitee
added 2025/07/06 2:44 a.m. · 97 views

graphql-playground

This is a repository for the GraphQL Playground, a development environment for building and testing GraphQL APIs. The repository contains several packages, including GraphQL Playground HTML, GraphQL Playground Express Middleware, GraphQL Playground Koa Middleware, and GraphQL Playground Hapi...

6.3 AI score
Exploits: 0
RedhatCVE
added 2025/02/05 1:59 p.m. · 5 views

CVE-2020-4038

The GraphQL Playground graphql-playground-html NPM package before version 1.6.22 has a severe XSS Reflection attack vulnerability. All unsanitized user input passed into the renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...

7.4 CVSS · 5.8 AI score · 0.33487 EPSS
Exploits: 1
OSSF Malicious Packages
added 2025/02/03 9:1 a.m. · 4 views

Malicious code in solana-graphql-playground (npm)

Source: ghsa-malware 293a02fa1726046ea481def165e8c209dc7e6e1b108bc997d12977ecd4e613f7. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1
OSV
added 2025/02/03 9:1 a.m. · 3 views

MAL-2025-1178 Malicious code in solana-graphql-playground (npm)

Source: ghsa-malware 293a02fa1726046ea481def165e8c209dc7e6e1b108bc997d12977ecd4e613f7. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1
Gitee
added 2021/11/25 3:27 p.m. · 2 views

Exploit for Cross-site Scripting in Prisma Graphql-Playground-Html

This is a PoC exploit for CVE-2020-4038, an XSS Reflection attack vulnerability in the GraphQL Playground repository. The vulnerability is present in the graphql-playground-html package, which is used by several other packages, including graphql-playground-express, graphql-playground-koa,...

7.4 CVSS · 6.5 AI score · 0.33487 EPSS
Exploits: 1
Veracode
added 2021/11/11 7:28 a.m. · 16 views

Cross-site Scripting (XSS)

graphql-playground-react is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in Properties.html allowing an attacker to inject and execute malicious javascript...

5.4 CVSS · 2.7 AI score · 0.00206 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2021/11/08 6:7 p.m. · 81 views

GHSA-QM7X-RC44-RRQW Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server)

Impact In certain configurations, Apollo Server serves the client-side web app "GraphQL Playground" from the same web server that executes GraphQL operations. This web app has access to cookies and other credentials associated with the web server's operations. There is a cross-site scripting...

6.3 AI score
Exploits: 0 · References: 2
GitHub Security Blog
added 2021/11/08 6:7 p.m. · 27 views

Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server)

Impact In certain configurations, Apollo Server serves the client-side web app "GraphQL Playground" from the same web server that executes GraphQL operations. This web app has access to cookies and other credentials associated with the web server's operations. There is a cross-site scripting...

0.5 AI score
Exploits: 0 · References: 2 · Affected Software: 1
vulnersOsv
added 2021/11/08 6:6 p.m. · 2 views

@graphql-mesh/cli (>=0.12.0 <=0.19.2), @graphql-mesh/container (>=0.0.4 <=0.0.6) potentially affected by CVE-2021-41248 +1 more via graphql-playground-react (=1.7.27)

graphql-playground-react NPM version =1.7.27 is affected by a known vulnerability. The following packages have a transitive dependency on graphql-playground-react and may be impacted: @graphql-mesh/cli (>=0.12.0 <=0.19.2), @graphql-mesh/container (>=0.0.4 <=0.0.6). Source CVEs: CVE-2021-41248, CVE-2021-41249. Source advisory:...

7.1 CVSS · 6.7 AI score · 0.00398 EPSS
Exploits: 0
OSV
added 2021/11/08 6:6 p.m. · 2 views

GHSA-59R9-6JP6-JCM7 XSS vulnerability in GraphQL Playground from untrusted schemas

GraphQL Playground introspection schema template injection attack: Advisory Statement This is a security advisory for an XSS vulnerability in graphql-playground. A similar vulnerability affects graphiql, the package from which graphql-playground was forked. There is a corresponding graphiql...

7.1 CVSS · 6.8 AI score · 0.00398 EPSS
Exploits: 0 · References: 6
GitHub Security Blog
added 2021/11/08 6:6 p.m. · 36 views

XSS vulnerability in GraphQL Playground from untrusted schemas

GraphQL Playground introspection schema template injection attack: Advisory Statement This is a security advisory for an XSS vulnerability in graphql-playground. A similar vulnerability affects graphiql, the package from which graphql-playground was forked. There is a corresponding graphiql...

7.1 CVSS · 5.5 AI score · 0.00362 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
GitHub Security Blog
added 2021/11/08 6:3 p.m. · 57 views

GraphiQL introspection schema template injection attack

Impact - 2. Scope - 3. Patches - 3.1 CDN bundle implementations may be automatically patched - 4. Workarounds for Older Versions - 5. How to Re-create the Exploit - 6. Credit - 7. References - 8. For more information This is a security advisory for an XSS vulnerability in graphiql. A similar...

7.1 CVSS · 0.4 AI score · 0.00398 EPSS
Exploits: 0 · References: 8 · Affected Software: 1
Veracode
added 2021/11/05 2:38 a.m. · 17 views

Template Injection

graphql-playground is vulnerable to template injection. An attacker is able to set malicious graphql schema URL dynamically via a vulnerable schema of custom graphiql implementation of graphiql's fetcher...

7.1 CVSS · 2.7 AI score · 0.00398 EPSS
Exploits: 0 · References: 4 · Affected Software: 2
Cvelist
added 2021/11/04 8:5 p.m. · 11 views

CVE-2021-41249 XSS vulnerability in GraphQL Playground

GraphQL Playground is a GraphQL IDE for development of GraphQL-focused applications. All versions of graphql-playground-react older than graphql-playground-react@1.7.28 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

7.1 CVSS · 7 AI score · 0.00362 EPSS
Exploits: 0 · References: 3
CVE
added 2021/11/04 8:5 p.m. · 85 views

CVE-2021-41249

All sources describe a GraphQL Playground XSS in graphql-playground-react older than v1.7.28. The vulnerability arises from compromised HTTP introspection responses or schema prop values containing malicious GraphQL type names, enabling dynamic XSS and potential code execution when a user loads a...

7.1 CVSS · 5.2 AI score · 0.00362 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2021/11/04 12:0 a.m. · 3 views

PT-2021-23212 · Unknown +1 · Graphql-Playground-React +2

Name of the Vulnerable Software and Affected Versions: graphiql versions prior to 1.4.7; graphql-playground-react versions prior to 1.7.28. Description: The vulnerability allows for compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a...

7.1 CVSS · 6.5 AI score · 0.00398 EPSS
Exploits: 0 · References: 16