Lucene search
Veracode Vulnerability DatabaseVERACODE:32805HistoryNov 05, 2021 - 2:38 a.m.
Template Injection
2021-11-0502:38:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.001 Low
EPSS
Percentile
30.7%
graphql-playground is vulnerable to template injection. An attacker is able to set malicious graphql schema URL dynamically via a vulnerable schema of custom graphiql implementation of graphiql’s fetcher .
| CPE | Name | Operator | Version |
|---|---|---|---|
| graphql-playground | le | 1.7.27 | |
| graphql-playground-react | le | 1.7.27 | |
| graphql-playground | le | 1.7.27 | |
| graphql-playground-react | le | 1.7.27 |
References
github.com/graphql/graphiql/commit/cb237eeeaf7333c4954c752122261db7520f7bf4
github.com/graphql/graphiql/security/advisories/GHSA-x4r7-m2q9-69c8
github.com/graphql/graphql-playground/commit/b8a956006835992f12c46b90384a79ab82bcadad
github.com/graphql/graphql-playground/security/advisories/GHSA-59r9-6jp6-jcm7
Related
nvd
nvd
CVE-2021-41248
2021-11-04 21:15:08
cvelist
cvelist
CVE-2021-41248 XSS vulnerability in GraphiQL
2021-11-04 20:15:11
prion
prion
Code injection
2021-11-04 21:15:00
github
github
GraphiQL introspection schema template injection attack
2021-11-08 18:03:50
cve
cve
CVE-2021-41248
2021-11-04 21:15:08
osv
osv
CVE-2021-41248
2021-11-04 21:15:08
CVE-2021-41249
2021-11-04 20:15:08
GraphiQL introspection schema template injection attack
2021-11-08 18:03:50