graphql-playground is vulnerable to template injection. An attacker can dynamically set a malicious GraphQL schema URL via a vulnerable schema of a custom GraphiQL implementation of GraphiQL’s fetcher.
github.com/graphql/graphiql/commit/cb237eeeaf7333c4954c752122261db7520f7bf4
github.com/graphql/graphiql/security/advisories/GHSA-x4r7-m2q9-69c8
github.com/graphql/graphql-playground/commit/b8a956006835992f12c46b90384a79ab82bcadad
github.com/graphql/graphql-playground/security/advisories/GHSA-59r9-6jp6-jcm7