Description
Your web application is running with GraphiQL Explorer/Playground enabled within a production environment. GraphiQL Explorer/Playground is an interactive in-browser GraphQL Integrated Development Environment (IDE) that allows developers to explore, test, and debug GraphQL queries and mutations. It provides a user-friendly interface for working with GraphQL APIs, making it easy to visualize the API schema, write queries, and see real-time results. GraphiQL is an open-source project maintained by the GraphQL Foundation.
Remediation
Disable GraphiQL Explorer/Playground: Ensure that the GraphiQL Explorer or Playground is disabled in production environments. It should only be enabled in development or staging environments with restricted access.
References
Related Vulnerabilities
WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2)
Lucee Stacktrace Information Disclosure
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4901)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3628)