Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NHasura Graphql Engine
APPHasura< 1.3.42.0.0 – 2.11.5 (bez)2.12.0 – 2.20.1 (bez)
Related vulnerabilities
RCE w Hasura GraphQL Engine przez COPY FROM PROGRAM
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service...
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres bac...
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying J...
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files thr...