CVE-2026-63397
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.4 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Description
remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-116
Source
NVD
Vendor
remorses
Product
genql
Discussion (0)
Add Comment
No comments yet. Be the first!