Django · Django · CVE-2024-47082
**Name of the Vulnerable Software and Affected Versions**
Strawberry GraphQL versions prior to 0.243.0
**Description**
The issue concerns Strawberry GraphQL, a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support was enabled by default in all Strawberry HTTP view integrations, making them vulnerable to cross-site request forgery (CSRF) attacks if users did not explicitly enable CSRF-preventing security mechanisms for their servers. The Django HTTP view integration was additionally exempted from Django's built-in CSRF protection by default, so all Strawberry integrations were vulnerable to CSRF attacks in their default configuration.
**Recommendations**
For versions prior to 0.243.0, update to version 0.243.0 or later to resolve the issue. As a temporary workaround, consider disabling multipart file upload support in Strawberry HTTP view integrations until a patch is applied. Restrict access to the Django HTTP view integration to minimize the risk of exploitation. Avoid relying solely on Django's built-in CSRF protection for the Django HTTP view integration.
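To make the two mitigations concrete, the following is an added example, not code from Strawberry or Django: a small pure-Python request gate that models a GraphQL view with uploads opt-in (the post-0.243.0 default) and with the CSRF check left in force. The `Request` and `ViewConfig` shapes, the `gate` function and the sample requests are constructed for illustration; the cookie, header and form-field names (`csrftoken`, `X-CSRFToken`, `csrfmiddlewaretoken`) are Django's real conventions. The last scenario reproduces the vulnerable pre-fix combination (uploads on, view exempt), which lets a token-less multipart POST through.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class Request:
    # Constructed request shape: only the fields the gate needs.
    method: str
    content_type: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


@dataclass
class ViewConfig:
    # Hypothetical flags modelling the advisory's two settings.
    # Uploads are opt-in, mirroring the 0.243.0 default.
    multipart_uploads_enabled: bool = False
    # False means Django's CSRF middleware still checks this view.
    csrf_exempt: bool = False


def csrf_token_matches(req: Request) -> bool:
    """Double-submit check: the token in the cookie must equal the token
    the client sent in a header or form field (Django's scheme)."""
    cookie = req.cookies.get("csrftoken", "")
    submitted = req.headers.get("X-CSRFToken") or req.form.get("csrfmiddlewaretoken", "")
    return bool(cookie) and hmac.compare_digest(cookie, submitted)


def gate(req: Request, cfg: ViewConfig) -> tuple[int, str]:
    """Return (http_status, reason) for a GraphQL POST under cfg."""
    if req.method.upper() != "POST":
        return 405, "only POST is accepted"
    media_type = req.content_type.split(";", 1)[0].strip().lower()
    if media_type == "multipart/form-data" and not cfg.multipart_uploads_enabled:
        # Uploads disabled: reject before any CSRF reasoning is needed.
        return 415, "multipart uploads are disabled on this view"
    if media_type not in ("application/json", "multipart/form-data"):
        return 415, "unsupported content type"
    if not cfg.csrf_exempt and not csrf_token_matches(req):
        # Applies to every POST, JSON included, exactly as the middleware would.
        return 403, "CSRF token missing or mismatched"
    return 200, "ok"


# Constructed sample requests. The cookie is present in every case because a
# browser attaches it automatically; only the legitimate client also submits
# the matching token.
TOKEN = "constructed-token-value"

UPLOAD_NO_TOKEN = Request(
    "POST", "multipart/form-data; boundary=xyz",
    headers={"Origin": "https://other.example"},
    cookies={"csrftoken": TOKEN},
    form={"operations": '{"query":"mutation{upload}"}'},
)
UPLOAD_WITH_TOKEN = Request(
    "POST", "multipart/form-data; boundary=xyz",
    cookies={"csrftoken": TOKEN},
    form={"operations": '{"query":"mutation{upload}"}', "csrfmiddlewaretoken": TOKEN},
)
JSON_NO_TOKEN = Request(
    "POST", "application/json",
    cookies={"csrftoken": TOKEN},
)


def scenarios() -> dict:
    """Outcomes for the fixed default, an explicit opt-in, and the pre-fix setup."""
    fixed_default = ViewConfig()
    uploads_on = ViewConfig(multipart_uploads_enabled=True)
    pre_fix = ViewConfig(multipart_uploads_enabled=True, csrf_exempt=True)
    return {
        "fixed_default_multipart": gate(UPLOAD_NO_TOKEN, fixed_default)[0],
        "uploads_on_no_token": gate(UPLOAD_NO_TOKEN, uploads_on)[0],
        "uploads_on_with_token": gate(UPLOAD_WITH_TOKEN, uploads_on)[0],
        "fixed_default_json_no_token": gate(JSON_NO_TOKEN, fixed_default)[0],
        "pre_fix_multipart_no_token": gate(UPLOAD_NO_TOKEN, pre_fix)[0],
    }


if __name__ == "__main__":
    for name, status in scenarios().items():
        print(f"{name}: {status}")
```

The gate rejects token-less multipart requests at two independent points: the upload flag (415) and the CSRF check (403). Only when both protections are off, the pre-0.243.0 Django default, does the token-less multipart POST return 200, which is the condition the advisory describes. The `Origin` header on the forged request is included only to show that a cross-site form post carries it; the gate does not rely on it, because Django's protection is token-based.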