strawberry-graphql@0.140.1.dev1667918300 vulnerabilities

A library for creating GraphQL APIs

Direct Vulnerabilities

Known vulnerabilities in the strawberry-graphql package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-Site Request Forgery (CSRF)

strawberry-graphql is an A library for creating GraphQL APIs

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) due to the default settings of exemption from Django's CsrfViewMiddleware protection and support for multipart file uploads, in all integrations.

Note: After the fix, clients need to send CSRF tokens with every request.

How to fix Cross-Site Request Forgery (CSRF)?

Upgrade strawberry-graphql to version 0.243.0 or higher.

[,0.243.0)
  • M
Race Condition

strawberry-graphql is an A library for creating GraphQL APIs

Affected versions of this package are vulnerable to Race Condition when confirming GQL subscriptions, due to missing checks in the strawberry/channels/handlers/base.py file.

How to fix Race Condition?

Upgrade strawberry-graphql to version 0.193.0 or higher.

[,0.193.0)