Vulnerability-Lookup

CVE-2020-4038 (GCVE-0-2020-4038)

Vulnerability from cvelistv5 – Published: 2020-06-08 20:40 – Updated: 2024-08-04 07:52

Title

Reflected XSS in GraphQL Playground

Summary

GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/prisma-labs/graphql-playground…	x_refsource_CONFIRM
	https://github.com/prisma-labs/graphql-playground…	x_refsource_MISC
	https://github.com/prisma-labs/graphql-playground…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	prisma-labs	graphql-playground	Affected: < 1.6.22

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/prisma-labs/graphql-playground#security-details"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "graphql-playground",
          "vendor": "prisma-labs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.22"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-08T20:40:12",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/prisma-labs/graphql-playground#security-details"
        }
      ],
      "source": {
        "advisory": "GHSA-4852-vrh7-28rf",
        "discovery": "UNKNOWN"
      },
      "title": "Reflected XSS in GraphQL Playground",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-4038",
          "STATE": "PUBLIC",
          "TITLE": "Reflected XSS in GraphQL Playground"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "graphql-playground",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.6.22"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "prisma-labs"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf",
              "refsource": "CONFIRM",
              "url": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf"
            },
            {
              "name": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7",
              "refsource": "MISC",
              "url": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7"
            },
            {
              "name": "https://github.com/prisma-labs/graphql-playground#security-details",
              "refsource": "MISC",
              "url": "https://github.com/prisma-labs/graphql-playground#security-details"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4852-vrh7-28rf",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-4038",
    "datePublished": "2020-06-08T20:40:12",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-08-04T07:52:20.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:prisma:graphql-playground-html:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"1.6.22\", \"matchCriteriaId\": \"ABADBEC8-9462-4D41-9CF2-AAE06F44B192\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:prisma:graphql-playground-middleware-express:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"1.7.16\", \"matchCriteriaId\": \"8277C213-ED4A-495C-8F78-3A6BAB562EEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:prisma:graphql-playground-middleware-hapi:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"1.6.13\", \"matchCriteriaId\": \"8FF9861D-5F51-4395-8399-B20E883D1AE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:prisma:graphql-playground-middleware-koa:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"1.6.15\", \"matchCriteriaId\": \"2CEB6EE1-895A-4729-9E77-64B758B1F8A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:prisma:graphql-playground-middleware-lambda:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"1.7.17\", \"matchCriteriaId\": \"A2DF5937-B97F-4B80-9258-4F289B450F3E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13.\"}, {\"lang\": \"es\", \"value\": \"GraphQL Playground (paquete Graphql-playground-html NPM) versi\\u00f3n anterior a 1.6.22, presenta una grave vulnerabilidad de ataque de Reflexi\\u00f3n XSS. Toda entrada de usuario no saneada que es pasada al m\\u00e9todo renderPlaygroundPage() podr\\u00eda desencadenar esta vulnerabilidad. Esto ha sido parcheado en graphql-playground-html versi\\u00f3n 1.6.22. Tome en cuenta que algunos de los paquetes de middleware dependientes asociados tambi\\u00e9n est\\u00e1n afectados, incluidos, entre otros, graphql-playground-middleware-express versi\\u00f3n anterior a 1.7.16, graphql-playground-middleware-koa versi\\u00f3n anterior a 1.6.15, graphql-playground-middleware-lambda versi\\u00f3n anterior a 1.7.17, y graphql-playground-middleware-hapi versi\\u00f3n anterior a 1.6.13\"}]",
      "id": "CVE-2020-4038",
      "lastModified": "2024-11-21T05:32:11.997",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-06-08T21:15:09.923",
      "references": "[{\"url\": \"https://github.com/prisma-labs/graphql-playground#security-details\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/prisma-labs/graphql-playground#security-details\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-4038\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-06-08T21:15:09.923\",\"lastModified\":\"2024-11-21T05:32:11.997\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13.\"},{\"lang\":\"es\",\"value\":\"GraphQL Playground (paquete Graphql-playground-html NPM) versi\u00f3n anterior a 1.6.22, presenta una grave vulnerabilidad de ataque de Reflexi\u00f3n XSS. Toda entrada de usuario no saneada que es pasada al m\u00e9todo renderPlaygroundPage() podr\u00eda desencadenar esta vulnerabilidad. Esto ha sido parcheado en graphql-playground-html versi\u00f3n 1.6.22. Tome en cuenta que algunos de los paquetes de middleware dependientes asociados tambi\u00e9n est\u00e1n afectados, incluidos, entre otros, graphql-playground-middleware-express versi\u00f3n anterior a 1.7.16, graphql-playground-middleware-koa versi\u00f3n anterior a 1.6.15, graphql-playground-middleware-lambda versi\u00f3n anterior a 1.7.17, y graphql-playground-middleware-hapi versi\u00f3n anterior a 1.6.13\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:prisma:graphql-playground-html:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.6.22\",\"matchCriteriaId\":\"ABADBEC8-9462-4D41-9CF2-AAE06F44B192\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:prisma:graphql-playground-middleware-express:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.7.16\",\"matchCriteriaId\":\"8277C213-ED4A-495C-8F78-3A6BAB562EEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:prisma:graphql-playground-middleware-hapi:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.6.13\",\"matchCriteriaId\":\"8FF9861D-5F51-4395-8399-B20E883D1AE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:prisma:graphql-playground-middleware-koa:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.6.15\",\"matchCriteriaId\":\"2CEB6EE1-895A-4729-9E77-64B758B1F8A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:prisma:graphql-playground-middleware-lambda:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.7.17\",\"matchCriteriaId\":\"A2DF5937-B97F-4B80-9258-4F289B450F3E\"}]}]}],\"references\":[{\"url\":\"https://github.com/prisma-labs/graphql-playground#security-details\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/prisma-labs/graphql-playground#security-details\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2020-36614

Vulnerability from cnvd - Published: 2020-07-07

Title

GraphQL Playground跨站脚本漏洞

Description

GraphQL Playground是德国Prisma实验室的一款基于GraphiQL的图形化、交互式、浏览器内的GraphQL IDE（集成开发环境）。 GraphQL Playground (graphql-playground-html NPM包)中存在跨站脚本漏洞。远程攻击者可借助特制的URL利用该漏洞在用户浏览器中执行脚本。

Severity

中

Patch Name

GraphQL Playground跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-4038

Impacted products

Name
['Prisma graphql-playground-html <1.6.22', 'Prisma graphql-playground-middleware-express <1.7.16', 'Prisma graphql-playground-middleware-koa <1.6.15', 'Prisma graphql-playground-middleware-lambda <1.7.17', 'Prisma graphql-playground-middleware-hapi <1.6.13']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-4038"
    }
  },
  "description": "GraphQL Playground\u662f\u5fb7\u56fdPrisma\u5b9e\u9a8c\u5ba4\u7684\u4e00\u6b3e\u57fa\u4e8eGraphiQL\u7684\u56fe\u5f62\u5316\u3001\u4ea4\u4e92\u5f0f\u3001\u6d4f\u89c8\u5668\u5185\u7684GraphQL IDE\uff08\u96c6\u6210\u5f00\u53d1\u73af\u5883\uff09\u3002\n\nGraphQL Playground (graphql-playground-html NPM\u5305)\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684URL\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u811a\u672c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-36614",
  "openTime": "2020-07-07",
  "patchDescription": "GraphQL Playground\u662f\u5fb7\u56fdPrisma\u5b9e\u9a8c\u5ba4\u7684\u4e00\u6b3e\u57fa\u4e8eGraphiQL\u7684\u56fe\u5f62\u5316\u3001\u4ea4\u4e92\u5f0f\u3001\u6d4f\u89c8\u5668\u5185\u7684GraphQL IDE\uff08\u96c6\u6210\u5f00\u53d1\u73af\u5883\uff09\u3002\r\n\r\nGraphQL Playground (graphql-playground-html NPM\u5305)\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684URL\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u811a\u672c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GraphQL Playground\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Prisma graphql-playground-html \u003c1.6.22",
      "Prisma graphql-playground-middleware-express \u003c1.7.16",
      "Prisma graphql-playground-middleware-koa \u003c1.6.15",
      "Prisma graphql-playground-middleware-lambda \u003c1.7.17",
      "Prisma graphql-playground-middleware-hapi \u003c1.6.13"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-4038",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-09",
  "title": "GraphQL Playground\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

GSD-2020-4038

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-4038

Aliases

CVE-2020-4038

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-4038",
    "description": "GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13.",
    "id": "GSD-2020-4038"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-4038"
      ],
      "details": "GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13.",
      "id": "GSD-2020-4038",
      "modified": "2023-12-13T01:21:48.222848Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-4038",
        "STATE": "PUBLIC",
        "TITLE": "Reflected XSS in GraphQL Playground"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "graphql-playground",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.6.22"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "prisma-labs"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf",
            "refsource": "CONFIRM",
            "url": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf"
          },
          {
            "name": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7",
            "refsource": "MISC",
            "url": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7"
          },
          {
            "name": "https://github.com/prisma-labs/graphql-playground#security-details",
            "refsource": "MISC",
            "url": "https://github.com/prisma-labs/graphql-playground#security-details"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-4852-vrh7-28rf",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.6.22",
          "affected_versions": "All versions before 1.6.22",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2020-06-12",
          "description": "GraphQL Playground (graphql-playground-html NPM package) has a severe XSS Reflection attack vulnerability. All unsanitized user input passed into `renderPlaygroundPage()` method could trigger this vulnerability.",
          "fixed_versions": [
            "1.6.22"
          ],
          "identifier": "CVE-2020-4038",
          "identifiers": [
            "CVE-2020-4038",
            "GHSA-4852-vrh7-28rf"
          ],
          "not_impacted": "All versions starting from 1.6.22",
          "package_slug": "npm/graphql-playground-html",
          "pubdate": "2020-06-08",
          "solution": "Upgrade to version 1.6.22 or above.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-4038"
          ],
          "uuid": "458a57e1-a0de-4462-9aa1-b4c892319960"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:prisma:graphql-playground-html:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.6.22",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:prisma:graphql-playground-middleware-express:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.7.16",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:prisma:graphql-playground-middleware-hapi:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.6.13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:prisma:graphql-playground-middleware-koa:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.6.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:prisma:graphql-playground-middleware-lambda:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.7.17",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-4038"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7"
            },
            {
              "name": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf"
            },
            {
              "name": "https://github.com/prisma-labs/graphql-playground#security-details",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/prisma-labs/graphql-playground#security-details"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2020-06-12T14:38Z",
      "publishedDate": "2020-06-08T21:15Z"
    }
  }
}

GHSA-4852-VRH7-28RF

Vulnerability from github – Published: 2020-06-09 00:24 – Updated: 2021-11-04 17:11

Summary

Reflected XSS in GraphQL Playground

Details

Impact

directly impacted:

graphql-playground-html@<1.6.22 - all unsanitized user input for renderPlaygroundPage()

all of our consuming packages of graphql-playground-html are impacted:

graphql-playground-middleware-express@<1.7.16 - unsanitized user input to expressPlayground()
graphql-playground-middleware-koa@<1.6.15 - unsanitized user input to koaPlayground()
graphql-playground-middleware-lambda@<1.7.17 - unsanitized user input to lambdaPlayground()
graphql-playground-middleware-hapi@<1.6.13 - unsanitized user input to hapiPlayground()

as well as any other packages that use these methods with unsanitized user input.

not impacted:

graphql-playground-electron - uses renderPlaygroundPage() statically for a webpack build for electron bundle, no dynamic user input
graphql-playground-react - usage of the component directly in a react application does not expose reflected XSS vulnerabilities. only the demo in public/ contains the vulnerability, because it uses an old version of the html pacakge.

Patches

upgrading to the above mentioned versions will solve the issue.

If you're using graphql-playground-html directly, then:

yarn add graphql-playground-html@^1.6.22

npm install --save graphql-playground-html@^1.6.22

Then, similar steps need to be taken for each middleware:

Workarounds

Ensure you properly sanitize all user input for options you use for whatever function to initialize GraphQLPlayground:

for example, with graphql-playground-html and express:

const { sanitizeUrl } = require('@braintree/sanitize-url');

const qs = require('querystringify');

const { renderPlaygroundPage } = require('graphql-playground-html');

module.exports = (req, res, next) => {
    const { endpoint } = qs.parse(req.url)
    res.html(renderPlaygroundPage({endpoint: sanitizeUrl(endpoint) })).status(200)
    next()
}

or, with graphql-playground-express:

const { expressPlayground } = require('graphql-playground-middleware-express');
const { sanitizeUrl } = require('@braintree/sanitize-url');

const qs = require('querystringify');

const { renderPlaygroundPage } = require('graphql-playground-html');

module.exports = (req, res, next) => {
    const { endpoint } = qs.parse(req.url)
    res.html(expressPlayground({endpoint: sanitizeUrl(endpoint) })).status(200)
    next()
}

References

Credits

Masato Kinugawa of Cure53

For more information

If you have any questions or comments about this advisory: * Open an issue in graphql-playground * Email us at rikki.schulte@gmail.com

Severity ?

7.4 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "graphql-playground-html"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-4038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-08T20:27:53Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\n**directly impacted:**\n\n- `graphql-playground-html@\u003c1.6.22` - all unsanitized user input for `renderPlaygroundPage()`\n\n**all of our consuming packages** of `graphql-playground-html` are impacted:\n\n- `graphql-playground-middleware-express@\u003c1.7.16` - unsanitized user input to `expressPlayground()`\n- `graphql-playground-middleware-koa@\u003c1.6.15` - unsanitized user input to `koaPlayground()`\n- `graphql-playground-middleware-lambda@\u003c1.7.17` - unsanitized user input to `lambdaPlayground()`\n- `graphql-playground-middleware-hapi@\u003c1.6.13` - unsanitized user input to `hapiPlayground()`\n\nas well as ***any other packages*** that use these methods with unsanitized user input.\n\n**not impacted:**\n\n- `graphql-playground-electron` - uses `renderPlaygroundPage()` statically for a webpack build for electron bundle, no dynamic user input\n- `graphql-playground-react` - usage of the component directly in a react application does not expose reflected XSS vulnerabilities. only the demo in `public/` contains the vulnerability, because it uses an old version of the html pacakge.\n\n### Patches\n\nupgrading to the above mentioned versions will solve the issue.\n\nIf you\u0027re using `graphql-playground-html` directly, then:\n\n```\nyarn add graphql-playground-html@^1.6.22\n```\n\nor\n\n```\nnpm install --save graphql-playground-html@^1.6.22\n```\n\nThen, similar steps need to be taken for each middleware:\n\n- [Upgrade Express Middleware](https://www.npmjs.com/package/graphql-playground-middleware-express#security-upgrade-steps)\n- [Upgrade Koa Middleware](https://www.npmjs.com/package/graphql-playground-middleware-koa#security-upgrade-steps)\n- [Upgrade Lambda Middleware](https://www.npmjs.com/package/graphql-playground-middleware-lambda#security-upgrade-steps)\n- [Upgrade Hapi Middleware](https://www.npmjs.com/package/graphql-playground-middleware-hapi#security-upgrade-steps)\n\n### Workarounds\n\nEnsure you properly sanitize *all* user input for options you use for whatever function to initialize GraphQLPlayground:\n\nfor example, with `graphql-playground-html` and express:\n\n```js\nconst { sanitizeUrl } = require(\u0027@braintree/sanitize-url\u0027);\n\nconst qs = require(\u0027querystringify\u0027);\n\nconst { renderPlaygroundPage } = require(\u0027graphql-playground-html\u0027);\n\nmodule.exports = (req, res, next) =\u003e {\n\tconst { endpoint } = qs.parse(req.url)\n\tres.html(renderPlaygroundPage({endpoint: sanitizeUrl(endpoint) })).status(200)\n\tnext()\n}\n```\n\nor, with `graphql-playground-express`:\n\n```js\nconst { expressPlayground } = require(\u0027graphql-playground-middleware-express\u0027);\nconst { sanitizeUrl } = require(\u0027@braintree/sanitize-url\u0027);\n\nconst qs = require(\u0027querystringify\u0027);\n\nconst { renderPlaygroundPage } = require(\u0027graphql-playground-html\u0027);\n\nmodule.exports = (req, res, next) =\u003e {\n\tconst { endpoint } = qs.parse(req.url)\n\tres.html(expressPlayground({endpoint: sanitizeUrl(endpoint) })).status(200)\n\tnext()\n}\n```\n\n### References\n\n- [OWASP: How to Test for CSS Reflection Attacks](https://github.com/OWASP/wstg/blob/master/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md)\n- [Original Report from Cure53](https://user-images.githubusercontent.com/1368727/84191028-dfb7b980-aa65-11ea-8e18-4b8706f538e2.jpg) (jpg)\n\n\n### Credits\n\nMasato Kinugawa of Cure53\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [graphql-playground](https://github.com/prisma-labs/graphql-playground/issues/new/choose)\n* Email us at [rikki.schulte@gmail.com](mailto:rikki.schulte@gmail.com)\n",
  "id": "GHSA-4852-vrh7-28rf",
  "modified": "2021-11-04T17:11:46Z",
  "published": "2020-06-09T00:24:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/graphql/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4038"
    },
    {
      "type": "WEB",
      "url": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/prisma-labs/graphql-playground#security-details"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Reflected XSS in GraphQL Playground"
}

FKIE_CVE-2020-4038

Vulnerability from fkie_nvd - Published: 2020-06-08 21:15 - Updated: 2024-11-21 05:32

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/prisma-labs/graphql-playground#security-details	Third Party Advisory
security-advisories@github.com	https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/prisma-labs/graphql-playground#security-details	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf	Mitigation, Third Party Advisory

Impacted products

Vendor	Product	Version
prisma	graphql-playground-html	*
prisma	graphql-playground-middleware-express	*
prisma	graphql-playground-middleware-hapi	*
prisma	graphql-playground-middleware-koa	*
prisma	graphql-playground-middleware-lambda	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:prisma:graphql-playground-html:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "ABADBEC8-9462-4D41-9CF2-AAE06F44B192",
              "versionEndExcluding": "1.6.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:prisma:graphql-playground-middleware-express:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "8277C213-ED4A-495C-8F78-3A6BAB562EEA",
              "versionEndExcluding": "1.7.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:prisma:graphql-playground-middleware-hapi:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "8FF9861D-5F51-4395-8399-B20E883D1AE4",
              "versionEndExcluding": "1.6.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:prisma:graphql-playground-middleware-koa:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "2CEB6EE1-895A-4729-9E77-64B758B1F8A9",
              "versionEndExcluding": "1.6.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:prisma:graphql-playground-middleware-lambda:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "A2DF5937-B97F-4B80-9258-4F289B450F3E",
              "versionEndExcluding": "1.7.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13."
    },
    {
      "lang": "es",
      "value": "GraphQL Playground (paquete Graphql-playground-html NPM) versi\u00f3n anterior a 1.6.22, presenta una grave vulnerabilidad de ataque de Reflexi\u00f3n XSS. Toda entrada de usuario no saneada que es pasada al m\u00e9todo renderPlaygroundPage() podr\u00eda desencadenar esta vulnerabilidad. Esto ha sido parcheado en graphql-playground-html versi\u00f3n 1.6.22. Tome en cuenta que algunos de los paquetes de middleware dependientes asociados tambi\u00e9n est\u00e1n afectados, incluidos, entre otros, graphql-playground-middleware-express versi\u00f3n anterior a 1.7.16, graphql-playground-middleware-koa versi\u00f3n anterior a 1.6.15, graphql-playground-middleware-lambda versi\u00f3n anterior a 1.7.17, y graphql-playground-middleware-hapi versi\u00f3n anterior a 1.6.13"
    }
  ],
  "id": "CVE-2020-4038",
  "lastModified": "2024-11-21T05:32:11.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-08T21:15:09.923",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/prisma-labs/graphql-playground#security-details"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/prisma-labs/graphql-playground#security-details"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/prisma-labs/graphql-playground/security/advisories/GHSA-4852-vrh7-28rf"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-4038 (GCVE-0-2020-4038)

CNVD-2020-36614

GSD-2020-4038

GHSA-4852-VRH7-28RF

Impact

Patches

Workarounds

References

Credits

For more information

FKIE_CVE-2020-4038

Tags

Sightings

Nomenclature