{"id":"CVE-2024-47082","summary":"Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability","details":"Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to cross-site request forgery (CSRF) attacks if users did not explicitly enable a CSRF-preventing security mechanism for their servers. Additionally, the Django HTTP view integration, in particular, had an exemption for Django's built-in CSRF protection (i.e., the `CsrfViewMiddleware` middleware) by default. In effect, all Strawberry integrations were vulnerable to CSRF attacks by default. Version `v0.243.0` is the first `strawberry-graphql` release to include a patch.","aliases":["GHSA-79gp-q4wv-33fr","PYSEC-2024-171"],"modified":"2026-04-02T12:20:25.149112Z","published":"2024-09-25T17:48:24.065Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47082.json","cwe_ids":["CWE-352"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://strawberry.rocks/docs/breaking-changes/0.243.0"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47082.json"},{"type":"ADVISORY","url":"https://github.com/strawberry-graphql/strawberry/security/advisories/GHSA-79gp-q4wv-33fr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47082"},{"type":"FIX","url":"https://github.com/strawberry-graphql/strawberry/commit/37265b230e511480a9ceace492f9f6a484be1387"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/strawberry-graphql/strawberry","events":[{"introduced":"0"},{"fixed":"2f210673ee9e2b64128ce9eb47569aa644a61b96"}]}],"versions":["0.10.0","0.100.0","0.101.0","0.102.0","0.102.1","0.102.2","0.102.3","0.103.0","0.103.1","0.103.2","0.10
3.3","0.103.4","0.103.5","0.103.6","0.103.7","0.103.8","0.103.9","0.104.0","0.104.1","0.104.2","0.104.3","0.104.4","0.105.0","0.105.1","0.106.0","0.106.1","0.106.2","0.106.3","0.107.0","0.107.1","0.108.0","0.108.1","0.108.2","0.108.3","0.109.0","0.109.1","0.11.0","0.110.0","0.111.0","0.111.1","0.111.2","0.112.0","0.113.0","0.114.0","0.114.1","0.114.2","0.114.3","0.114.4","0.114.5","0.114.6","0.114.7","0.115.0","0.116.0","0.116.1","0.116.2","0.116.3","0.116.4","0.117.0","0.117.1","0.118.0","0.118.1","0.118.2","0.119.0","0.119.1","0.119.2","0.12.0","0.120.0","0.121.0","0.121.1","0.122.0","0.122.1","0.123.0","0.123.1","0.123.2","0.123.3","0.124.0","0.125.0","0.125.1","0.126.0","0.126.1","0.126.2","0.127.0","0.127.1","0.127.2","0.127.3","0.127.4","0.128.0","0.129.0","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.130.0","0.130.1","0.130.2","0.130.3","0.130.4","0.131.0","0.131.1","0.131.2","0.131.3","0.131.4","0.131.5","0.132.0","0.132.1","0.133.0","0.133.1","0.133.2","0.133.3","0.133.4","0.133.5","0.133.6","0.133.7","0.134.0","0.134.1","0.134.2","0.134.3","0.134.4","0.134.5","0.135.0","0.136.0","0.137.0","0.137.1","0.138.0","0.138.1","0.138.2","0.139.0","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.140.0","0.140.1","0.140.2","0.140.3","0.141.0","0.142.0","0.142.1","0.142.2","0.142.3","0.143.0","0.144.0","0.144.1","0.144.2","0.144.3","0.145.0","0.146.0","0.147.0","0.148.0","0.149.0","0.149.1","0.149.2","0.15.0","0.15.1","0.15.2","0.15.3","0.15.4","0.15.5","0.15.6","0.150.0","0.150.1","0.151.0","0.151.1","0.151.2","0.151.3","0.152.0","0.153.0","0.154.0","0.154.1","0.155.0","0.155.1","0.155.2","0.155.3","0.155.4","0.156.0","0.156.1","0.156.2","0.156.3","0.156.4","0.157.0","0.158.0","0.158.1","0.158.2","0.159.0","0.159.1","0.16.0","0.16.1","0.16.10","0.16.2","0.16.3","0.16.4","0.16.5","0.16.6","0.16.7","0.16.8","0.16.9","0.160.0","0.161.0","0.161.1","0.162.0","0.163.0","0.163.1","0.163.2","0.164.0","0.164.1","0.165.0","0.165.1","0.166.0","0.167.0","0.167.1","0.168.0","0.1
68.1","0.168.2","0.169.0","0.17.0","0.170.0","0.171.0","0.171.1","0.171.2","0.171.3","0.172.0","0.173.0","0.173.1","0.174.0","0.175.0","0.175.1","0.176.0","0.176.1","0.176.2","0.176.3","0.176.4","0.177.0","0.177.1","0.177.2","0.177.3","0.178.0","0.178.1","0.178.2","0.178.3","0.179.0","0.18.0","0.18.1","0.18.2","0.18.3","0.180.0","0.180.1","0.180.2","0.180.3","0.180.4","0.180.5","0.181.0","0.182.0","0.183.0","0.183.1","0.183.2","0.183.3","0.183.4","0.183.5","0.183.6","0.183.7","0.183.8","0.184.0","0.184.1","0.185.0","0.185.1","0.185.2","0.186.0","0.186.1","0.186.2","0.186.3","0.187.0","0.187.1","0.187.2","0.187.3","0.187.4","0.187.5","0.188.0","0.189.0","0.189.1","0.189.2","0.189.3","0.19.0","0.19.1","0.190.0","0.191.0","0.192.0","0.192.1","0.192.2","0.193.0","0.193.1","0.194.0","0.194.1","0.194.2","0.194.3","0.194.4","0.195.0","0.195.1","0.195.2","0.195.3","0.196.0","0.196.1","0.196.2","0.197.0","0.198.0","0.199.0","0.199.1","0.199.2","0.199.3","0.20.0","0.20.1","0.20.2","0.20.3","0.200.0","0.201.0","0.201.1","0.202.0","0.202.1","0.203.0","0.203.1","0.203.2","0.203.3","0.204.0","0.205.0","0.206.0","0.207.0","0.207.1","0.208.0","0.208.1","0.208.2","0.208.3","0.209.0","0.209.1","0.209.2","0.209.3","0.209.4","0.209.5","0.209.6","0.209.7","0.209.8","0.21.0","0.21.1","0.210.0","0.211.0","0.211.1","0.211.2","0.212.0","0.213.0","0.214.0","0.215.0","0.215.1","0.215.2","0.215.3","0.216.0","0.216.1","0.217.0","0.217.1","0.218.0","0.218.1","0.219.0","0.219.1","0.219.2","0.22.0","0.220.0","0.221.0","0.221.1","0.222.0","0.223.0","0.224.0","0.224.1","0.224.2","0.225.0","0.225.1","0.226.0","0.226.1","0.226.2","0.227.0","0.227.1","0.227.2","0.227.3","0.227.4","0.227.5","0.227.6","0.227.7","0.228.0","0.229.0","0.229.1","0.229.2","0.23.0","0.23.1","0.23.2","0.23.3","0.230.0","0.231.0","0.231.1","0.232.0","0.232.1","0.232.2","0.233.0","0.233.1","0.233.2","0.233.3","0.234.0","0.234.1","0.234.2","0.234.3","0.235.0","0.235.1","0.235.2","0.236.0","0.236.1","0.236.2","0.237.0","0.237.1","0
.237.2","0.237.3","0.238.0","0.238.1","0.239.0","0.239.1","0.239.2","0.24.0","0.24.1","0.240.0","0.240.1","0.240.2","0.240.3","0.240.4","0.241.0","0.242.0","0.25.0","0.25.1","0.25.2","0.25.3","0.25.4","0.25.5","0.25.6","0.26.0","0.26.1","0.26.2","0.26.3","0.27.0","0.27.1","0.27.2","0.27.3","0.27.4","0.27.5","0.28.0","0.28.1","0.28.2","0.28.3","0.28.4","0.28.5","0.29.0","0.29.1","0.30.0","0.30.1","0.31.0","0.31.1","0.32.0","0.32.1","0.32.2","0.32.3","0.32.4","0.33.0","0.33.1","0.34.0","0.34.1","0.34.2","0.35.0","0.35.1","0.35.2","0.35.3","0.35.4","0.35.5","0.36.0","0.36.1","0.36.2","0.36.3","0.36.4","0.37.0","0.37.1","0.37.2","0.37.3","0.37.4","0.37.5","0.37.6","0.37.7","0.38.0","0.38.1","0.39.0","0.39.1","0.39.2","0.39.3","0.39.4","0.40.0","0.40.1","0.40.2","0.41.0","0.41.1","0.42.0","0.42.1","0.42.2","0.42.3","0.42.4","0.42.5","0.42.6","0.42.7","0.43.0","0.43.1","0.43.2","0.44.0","0.44.1","0.44.10","0.44.11","0.44.12","0.44.2","0.44.3","0.44.4","0.44.5","0.44.6","0.44.7","0.44.8","0.44.9","0.45.0","0.45.1","0.45.2","0.45.3","0.45.4","0.46.0","0.47.0","0.47.1","0.48.0","0.48.1","0.48.2","0.48.3","0.49.0","0.49.1","0.49.2","0.5.6","0.50.0","0.50.1","0.50.2","0.50.3","0.51.0","0.51.1","0.52.0","0.52.1","0.53.0","0.53.1","0.53.2","0.53.3","0.53.4","0.54.0","0.55.0","0.56.0","0.56.1","0.56.2","0.56.3","0.57.0","0.57.1","0.57.2","0.57.3","0.57.4","0.58.0","0.59.0","0.59.1","0.6.0","0.60.0","0.61.0","0.61.1","0.61.2","0.61.3","0.62.0","0.62.1","0.63.0","0.63.1","0.63.2","0.64.0","0.64.1","0.64.2","0.64.3","0.64.4","0.64.5","0.65.0","0.65.1","0.65.2","0.65.3","0.65.4","0.65.5","0.66.0","0.67.0","0.67.1","0.68.0","0.68.1","0.68.2","0.68.3","0.68.4","0.69.0","0.69.1","0.69.2","0.69.3","0.69.4","0.7.0","0.70.0","0.70.1","0.70.2","0.70.3","0.70.4","0.71.0","0.71.1","0.71.2","0.71.3","0.72.0","0.72.1","0.72.2","0.72.3","0.73.0","0.73.1","0.73.2","0.73.3","0.73.4","0.73.5","0.73.6","0.73.7","0.73.8","0.73.9","0.74.0","0.74.1","0.75.0","0.75.1","0.76.0","0.76.1","0.77.0","0.77.1"
,"0.77.10","0.77.11","0.77.12","0.77.2","0.77.3","0.77.4","0.77.5","0.77.6","0.77.7","0.77.8","0.77.9","0.78.0","0.78.1","0.78.2","0.79.0","0.8.0","0.80.0","0.80.1","0.80.2","0.81.0","0.82.0","0.82.1","0.82.2","0.83.0","0.83.1","0.83.2","0.83.3","0.83.4","0.83.5","0.83.6","0.84.0","0.84.1","0.84.2","0.84.3","0.84.4","0.85.0","0.85.1","0.86.0","0.86.1","0.87.0","0.87.1","0.87.2","0.87.3","0.88.0","0.89.0","0.89.1","0.89.2","0.9.0","0.9.1","0.90.0","0.90.1","0.90.2","0.90.3","0.91.0","0.92.0","0.92.1","0.92.2","0.93.0","0.93.1","0.93.10","0.93.11","0.93.12","0.93.13","0.93.14","0.93.15","0.93.16","0.93.17","0.93.18","0.93.19","0.93.2","0.93.20","0.93.21","0.93.22","0.93.23","0.93.3","0.93.4","0.93.5","0.93.6","0.93.7","0.93.8","0.93.9","0.94.0","0.95.0","0.95.1","0.95.2","0.95.3","0.95.4","0.95.5","0.96.0","0.97.0","0.98.0","0.98.1","0.98.2","0.99.0","0.99.1","0.99.2","0.99.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47082.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"}]}