Vulnerability	Vulnerable Version
M Cross-Site Request Forgery (CSRF) strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) due to the default settings of exemption from Django's `CsrfViewMiddleware` protection and support for multipart file uploads, in all integrations. Note: After the fix, clients need to send CSRF tokens with every request. How to fix Cross-Site Request Forgery (CSRF)? Upgrade `strawberry-graphql` to version 0.243.0 or higher.	[,0.243.0)
M Race Condition strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Race Condition when confirming `GQL` subscriptions, due to missing checks in the `strawberry/channels/handlers/base.py` file. How to fix Race Condition? Upgrade `strawberry-graphql` to version 0.193.0 or higher.	[,0.193.0)
M SQL Injection strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to SQL Injection due to a lack of validations against malicious queries. How to fix SQL Injection? Upgrade `strawberry-graphql` to version 0.71.0 or higher.	[,0.71.0)

Go back to all versions of this package