API Security Blog

Variable Reuse In Cached Queries

@graphql-mesh/runtime is vulnerable to variable reuse in cached queries. The cause is the LRU-based cache retention of DocumentNode, which prevents updated variables, including authentication tokens, from being applied in subsequent requests. This allows an attacker to force a victim to use a fixed token, potentially gaining unauthorized access to their session or…
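
The following is an added example, not code from @graphql-mesh/runtime or from this post. It is a simplified model of the bug class described above, assuming the cache entry keeps the first request's variables next to the parsed document; `LRU`, `parse`, `upstream` and both executor factories are hypothetical names. It shows the flawed cache beside a corrected one that caches only the document.

```javascript
// Simplified model of the bug class; not @graphql-mesh/runtime code.
// Minimal LRU: a Map keeps insertion order, so the first key is the oldest.
class LRU {
  constructor(max) { this.max = max; this.map = new Map(); }
  get(key) {
    if (!this.map.has(key)) return undefined;
    const value = this.map.get(key);
    this.map.delete(key);          // re-insert to mark as most recently used
    this.map.set(key, value);
    return value;
  }
  set(key, value) {
    this.map.delete(key);
    this.map.set(key, value);
    if (this.map.size > this.max) this.map.delete(this.map.keys().next().value);
  }
}

// Stand-in for parsing a query into a DocumentNode (hypothetical helper).
const parse = (query) => ({ kind: 'Document', source: query });

// Stand-in upstream call: reports which token the request was sent with.
const upstream = (doc, variables) => ({ sentToken: variables.token });

// Flawed: the cache entry keeps the first caller's variables with the document.
function makeFlawedExecutor() {
  const cache = new LRU(100);
  return (query, variables) => {
    let entry = cache.get(query);
    if (!entry) {
      entry = { doc: parse(query), variables };
      cache.set(query, entry);
    }
    return upstream(entry.doc, entry.variables); // stale on every cache hit
  };
}

// Corrected: cache only the parsed document; variables come from each request.
function makeFixedExecutor() {
  const cache = new LRU(100);
  return (query, variables) => {
    let doc = cache.get(query);
    if (!doc) {
      doc = parse(query);
      cache.set(query, doc);
    }
    return upstream(doc, variables);
  };
}
```

A regression test for this class of bug sends the same query text twice with different tokens and checks that the second upstream call carries the second token.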