Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflected XSS in GraphQL Playground
Vulnerability Description
GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GraphQL Playground 跨站脚本漏洞
Vulnerability Description
GraphQL Playground是德国Prisma实验室的一款基于GraphiQL的图形化、交互式、浏览器内的GraphQL IDE(集成开发环境)。 GraphQL Playground (graphql-playground-html NPM包)中存在跨站脚本漏洞。远程攻击者可借助特制的URL利用该漏洞在用户浏览器中执行脚本。以下产品及版本受到影响:graphql-playground-html 1.6.22之前版本;graphql-playground-middleware-express 1.
CVSS Information
N/A
Vulnerability Type
N/A