Home > Vulnerability Database > WS-2023-0175

Mend.io Vulnerability Database

WS-2023-0175

Good to know:

Date: November 3, 2024

@apollo/server from 4.0.0 before 4.7.4 is vulnerable to unsafe application of Content Security Policy via reused nonces. Improper application of CSP fails to prevent XSS in the event that there is a viable attack vector for an XSS attack. all users of Apollo Server's landing pages have a vulnerability which won't be prevented by the current CSP implemented by the landing pages.

Language: JS

Severity Score

6.1

Related Resources (4)

Url: https://github.com/apollographql/apollo-server/security/advisories/GHSA-68jh-rf6x-836f

Url: https://github.com/apollographql/apollo-server

Url: https://github.com/apollographql/apollo-server/commit/0adaf80d1ee51d8c7e5fd863c04478536d15eb8c

Url: https://www.mend.io/vulnerability-database/WS-2023-0175

Severity Score

6.1

Weakness Type (CWE)

Reusing a Nonce, Key Pair in Encryption

CWE-323

Top Fix

Upgrade Version

Upgrade to version @apollo/server - 4.7.4

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0175

Good to know:

Date: November 3, 2024

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?