CVE-2020-4038: Cross-site Scripting

June 8, 2020 (updated June 12, 2020)

GraphQL Playground (graphql-playground-html NPM package) has a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability.

References

nvd.nist.gov/vuln/detail/CVE-2020-4038

Detect and mitigate CVE-2020-4038 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →