Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) in apollo-server.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in apollo-server.
If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not expecting validation rules to be enforced on the WebSocket subscriptions transport and are unconcerned about introspection being enabled on the WebSocket subscriptions transport (or were not expecting that), then this advisory is not applicable. If introspection: true is passed to the ApolloServer constructor options, the impact is limited to user-provided validation rules …