← voltar
CVE-2021-47713

Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query

CVSS 8.7 HIGHEPSS 0.4%CWE-770
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Hasura · Hasura GraphQL

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/hasura/graphql-enginehttps://www.exploit-db.com/exploits/49789https://www.vulncheck.com/advisories/hasura-graphql-denial-of-service-via-malicious-graphql-query