Advisory #61 - RyotaK's Vuln DB

Advisory #61

Title	Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server)
CVE ID	CVE-2021-41249
Vendor	Apollo GraphQL
Affected product	Apollo Server
Affected versions	2.0.0 - 2.25.2, 3.0.0 - 3.4.0
Vulnerability type	CWE-79 (Cross-site Scripting)
Description	Apollo Server has a cross-site scripting vulnerability in GraphQL Playground component, which allows a malicious schema to execute arbitrary JavaScripts.
Status	Fixed in 2.25.3/3.4.1
Recommendation	Update to 2.25.3/3.4.1 or above.