Advisory #61
Title | Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server) |
CVE ID | CVE-2021-41249 |
Vendor | Apollo GraphQL |
Affected product | Apollo Server |
Affected versions | 2.0.0 - 2.25.2, 3.0.0 - 3.4.0 |
Vulnerability type | CWE-79 (Cross-site Scripting) |
Description | Apollo Server has a cross-site scripting vulnerability in the GraphQL Playground component, which allows a malicious schema to execute arbitrary JavaScript. |
Status | Fixed in 2.25.3/3.4.1 |
Recommendation | Update to 2.25.3/3.4.1 or above. |