GHSA-59R9-6JP6-JCM7 XSS vulnerability in GraphQL Playground from untrusted schemas

GraphQL Playground introspection schema template injection attack: Advisory Statement This is a security advisory for an XSS vulnerability in graphql-playground. A similar vulnerability affects graphiql, the package from which graphql-playground was forked. There is a corresponding graphiql...

CVE-2021-41248 XSS vulnerability in GraphiQL

GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...