MEDIUM
GHSA-5c7w-4wm3-85vw
@asymmetric-effort/specifyjs: GraphQL gql tag allows metacharacter injection
Details
## Finding
**Location**: `core/src/client/graphql.ts:66-80`
The `gql` template tag function warned about interpolated values containing GraphQL metacharacters (`{}():`) but still concatenated them into the query string, enabling potential GraphQL injection.
## Status
**Fixed in v0.2.136** — The `gql` function now throws an error when metacharacters are detected in interpolated values, forcing developers to use the `variables` parameter.
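
The difference between the warn-only and the throwing behaviour, as an added JavaScript sketch that is not the specifyjs source. `render`, `gqlWarnOnly`, `gqlStrict`, the `user` query and the sample input are hypothetical names and constructed values.

```javascript
// Added illustration; NOT the specifyjs source. All names here are hypothetical.
const META = /[{}():]/; // the metacharacters the advisory lists

// Shared tag body: join the template parts, calling onMeta for flagged values.
function render(strings, values, onMeta) {
  let out = strings[0];
  for (let i = 0; i < values.length; i++) {
    const v = String(values[i]);
    if (META.test(v)) onMeta(v);
    out += v + strings[i + 1];
  }
  return out;
}

// Behaviour described under "Finding": warn, then concatenate anyway.
const gqlWarnOnly = (strings, ...values) =>
  render(strings, values, () => console.warn("gql: metacharacters in interpolated value"));

// Behaviour described under "Status": refuse to build the query.
const gqlStrict = (strings, ...values) =>
  render(strings, values, () => {
    throw new Error("gql: metacharacters in interpolated value; use variables");
  });

// Constructed sample of caller-controlled input (not from the advisory).
const untrusted = '1") { id } other: user(id: "2';

function demoWarnOnly() {
  // The value closes the argument and adds a second aliased field.
  return gqlWarnOnly`query { user(id: "${untrusted}") { name } }`;
}

function demoStrict() {
  try {
    gqlStrict`query { user(id: "${untrusted}") { name } }`;
    return null;
  } catch (err) {
    return err.message;
  }
}

function demoVariables() {
  // Static query text; the value travels separately and is never parsed as GraphQL.
  const query = gqlStrict`query ($id: ID!) { user(id: $id) { name } }`;
  return { query, variables: { id: untrusted } };
}
```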
Affected packages
npm / @asymmetric-effort/specifyjs
First affected version: 0
Fixed version: 0.2.136
Fix
npm install @asymmetric-effort/specifyjs@0.2.136