CNNVD-202509-4039 Information
CNNVD ID
CNNVD-202509-4039
Related CVE
- CNNVD Published: 2025-09-26
Description (Chinese)
Apollo Studio Embeddable Explorer & Embeddable Sandbox是Apollo GraphQL开源的一个向量化工具。 Apollo Studio Embeddable Explorer & Embeddable Sandbox存在跨站请求伪造漏洞,该漏洞源于客户端代码处理window.postMessage事件时缺少来源验证,可能导致跨站请求伪造攻击。
Description (English)
Apollo Staudio Embeddable Explorer & Embeddable Sandbox is an open-source quantitative tool for Apollo GraphQL. Apollo Staudio Embeddable Explorer & Embeddable Sandbox has a cross-site request for forgery loophole, which stems from the lack of source verification of the client-end code handling the window.postMessage incident, which may lead to cross-site requests for forgery attacks.
Hazard Level
High
Vulnerability Type
跨站请求伪造
Affected Vendor
Apollo GraphQL
Published
2025-09-26
Last Modified
2026-02-24
References
https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv https://access.redhat.com/security/cve/cve-2025-59845
Patch
https://github.com/apollographql/embeddable-explorer/releases
Share on: