HIGH🇵🇱 Wersja polska

CVE-2021-47713

CVSS 8.7v4.0pub. 2025-12-22upd. 2025-12-26

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Hasura Graphql Engine

    APP
    Hasura
    1.3.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2021-47748CRITICAL9.3PL ✓ten sam produkt

RCE w Hasura GraphQL Engine przez COPY FROM PROGRAM

CVE-2023-27588HIGH7.5ten sam produkt

Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has ...

CVE-2022-46792HIGH8.8ten sam produkt

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres bac...

CVE-2019-1020015HIGH7.5ten sam produkt

graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying J...

CVE-2021-47714MEDIUM6.9ten sam produkt

Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files thr...