Lucene search
Veracode Vulnerability DatabaseVERACODE:32805HistoryNov 05, 2021 - 2:38 a.m.
Template Injection
2021-11-0502:38:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
template injection
graphql-playground
vulnerability
malicious url
graphql schema
EPSS
0.001
Percentile
32.7%
graphql-playground is vulnerable to template injection. An attacker is able to set malicious graphql schema URL dynamically via a vulnerable schema of custom graphiql implementation of graphiql’s fetcher .
References
github.com/graphql/graphiql/commit/cb237eeeaf7333c4954c752122261db7520f7bf4
github.com/graphql/graphiql/security/advisories/GHSA-x4r7-m2q9-69c8
github.com/graphql/graphql-playground/commit/b8a956006835992f12c46b90384a79ab82bcadad
github.com/graphql/graphql-playground/security/advisories/GHSA-59r9-6jp6-jcm7
Related
nvd
nvd
CVE-2021-41248
2021-11-04 21:15:08
cve
cve
CVE-2021-41248
2021-11-04 21:15:08
prion
prion
Code injection
2021-11-04 21:15:00
cvelist
cvelist
CVE-2021-41248 XSS vulnerability in GraphiQL
2021-11-04 20:15:11
github
github
GraphiQL introspection schema template injection attack
2021-11-08 18:03:50
osv
osv
CVE-2021-41248
2021-11-04 21:15:08
XSS vulnerability in GraphQL Playground from untrusted schemas
2021-11-08 18:06:09
CVE-2021-41249
2021-11-04 20:15:08