Advisory #60
Title | GraphiQL introspection schema template injection attack |
CVE ID | CVE-2021-41248 |
Vendor | GraphQL Foundation |
Affected product | GraphiQL |
Affected versions | 0.5.0 - 1.4.6 |
Vulnerability type | CWE-79 (Cross-site Scripting) |
Description | GraphiQL has a cross-site scripting vulnerability that allows a malicious schema to execute arbitrary JavaScript. |
Status | Fixed in 1.4.7 |
Recommendation | Update to 1.4.7 or above. |