Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XHasura Graphql Engine
APPHasura1.3.3
Related vulnerabilities
RCE w Hasura GraphQL Engine przez COPY FROM PROGRAM
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has ...
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres bac...
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying J...
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files thr...