Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
remorses/genql code injection
Vulnerability Description
remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对输出编码和转义不恰当
Vulnerability Title
Tommy D. Rossi Genql 输出处理不当漏洞
Vulnerability Description
Tommy D. Rossi Genql是Tommy D. Rossi个人开发者的一个可根据GraphQL架构生成类型安全SDK和查询构建器的代码生成工具。 Tommy D. Rossi Genql 6.3.4之前版本存在输出处理不当漏洞,该漏洞源于输出处理不当,可能导致经过身份验证的攻击者控制传递到genql的GraphQL模式,注入任意JavaScript或TypeScript,恶意代码被注入到生成的schema.ts文件中,并在genql客户端打包导入时执行。
CVSS Information
N/A
Vulnerability Type
N/A