File upload vulnerability? #3957
Unanswered
petarbiocic-pontis asked this question in Q&A
Replies: 0 comments
Hi.
I'm working on a Yoga GraphQL backend that has to receive files, and a colleague notified my team about this:
GHSA-2p3c-p3qw-69r4
Now, I know there is a CSRF Prevention plugin for Yoga that can handle the CORS issue, but I am more worried about someone sending mutations that are executed. I don't see how a CSRF token would stop that, since the attacker can just see the token that is sent from the web site by attempting to send, looking at the sent request's headers and then using it in another request to send the mutation successfully? Does Yoga handle this issue out-of-the-box, or should some plugin be used?
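Added example, not code from the original post or from the graphql-yoga project: a standalone Node.js check that implements the idea behind header-based CSRF prevention for a GraphQL endpoint that also accepts multipart uploads. It classifies a request the way a browser does when deciding whether a cross-origin request needs a CORS preflight, and rejects any request a cross-site page could have fired without one. The header name `x-csrf-check`, the exact accept/reject policy and the sample requests are assumptions made for this example; the real plugin's configuration and rules may differ, so check its documentation before relying on it.

```javascript
// Added example, not graphql-yoga's own plugin code: header-based CSRF prevention
// for a GraphQL endpoint, written as a standalone Node.js check.
//
// A browser sends a cross-origin request WITHOUT a CORS preflight only when it is a
// "simple" request: method GET/HEAD/POST, Content-Type (if any) limited to
// application/x-www-form-urlencoded, multipart/form-data or text/plain, and no
// request headers beyond the CORS-safelisted ones. Anything else triggers a
// preflight, which the server's CORS policy can refuse. Requiring a custom header
// therefore stops a cross-site page from making the victim's browser fire a
// mutation with the victim's cookies; the header's value does not need to be secret.

const SIMPLE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SIMPLE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);
// CORS-safelisted request headers (Fetch standard); any other header makes the request non-simple.
const SAFELISTED_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);

// Header the legitimate front end must add to every GraphQL request. The name is an
// assumption for this example; a real plugin would let you configure it.
const CSRF_HEADER = 'x-csrf-check';

// Normalise "multipart/form-data; boundary=..." to its bare media type.
function contentTypeOf(headers) {
  const ct = headers['content-type'];
  return ct ? ct.split(';')[0].trim().toLowerCase() : null;
}

// True when a browser would send this request cross-origin with no preflight.
function isSimpleRequest(req) {
  if (!SIMPLE_METHODS.has(req.method.toUpperCase())) return false;
  for (const name of Object.keys(req.headers)) {
    if (!SAFELISTED_HEADERS.has(name.toLowerCase())) return false;
  }
  const ct = contentTypeOf(req.headers);
  return ct === null || SIMPLE_CONTENT_TYPES.has(ct);
}

// Policy (assumed for this example): accept if the custom header is present;
// otherwise reject anything a cross-site page could have fired blindly (a simple
// request). Non-simple requests without the header are left to the CORS preflight.
function csrfCheck(req) {
  const hasHeader = Object.keys(req.headers).some((h) => h.toLowerCase() === CSRF_HEADER);
  if (hasHeader) return { ok: true };
  if (isSimpleRequest(req)) {
    return { ok: false, status: 403, reason: `simple request without ${CSRF_HEADER} header` };
  }
  return { ok: true };
}

// Constructed sample requests (not captured traffic); header names lower-cased as Node presents them.
const SAMPLES = {
  // <form method="post" enctype="multipart/form-data"> auto-submitted from another origin:
  // the shape a file-upload endpoint receives.
  crossSiteForm: {
    method: 'POST',
    headers: { 'content-type': 'multipart/form-data; boundary=----abc', accept: '*/*' },
  },
  // Classic trick: a JSON-shaped body sent as text/plain so the request stays simple.
  textPlainJson: { method: 'POST', headers: { 'content-type': 'text/plain' } },
  // A JSON POST with no header: non-simple, so the browser preflights it and CORS decides.
  jsonNoHeader: { method: 'POST', headers: { 'content-type': 'application/json' } },
  // What the site's own client sends.
  legitClient: {
    method: 'POST',
    headers: { 'content-type': 'application/json', 'x-csrf-check': '1' },
  },
  // A bare GET is simple too, so it is rejected unless the header is present.
  bareGet: { method: 'GET', headers: { accept: 'application/json' } },
};

// Run every sample through the check; returns { name: ok } for inspection or assertion.
function runDemo() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, req]) => [name, csrfCheck(req).ok]),
  );
}

console.table(runDemo());
```

The header value is deliberately not a secret. What protects the endpoint is that a browser will not attach a custom header to a cross-origin request without first sending a CORS preflight, and the server's CORS policy must then refuse origins it does not trust. A request an attacker sends from their own HTTP client, copied header and all, carries the attacker's own credentials rather than the victim's session, which is a question for authentication and authorization, not CSRF. The check also says nothing about the uploaded file itself; size limits and content validation still need to be handled separately.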