CVE-2021-47713

High CVSS: 8.7

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.

Vendor

Hasura

Product

Graphql Engine

CWE

CWE-770

Yayın Tarihi

2025-12-22 22:15:58

Güncelleme

2025-12-26 16:56:27

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-770 Graphql Engine HIGH Hasura 2025

Referanslar

https://github.com/hasura/graphql-engine https://www.exploit-db.com/exploits/49789 https://www.vulncheck.com/advisories/hasura-graphql-denial-of-service-via-malicious-graphql-query

Benzer Kayıtlar

Critical

CVE-2021-47748

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell com…

Medium

CVE-2021-47715

Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remo…

Medium

CVE-2021-47714

Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL i…