
Issaaf Kattan

Researcher from Nhost
#28921 of 53,630
8.8 Total CVSS
Vulnerabilities · 1
PT-2022-27980
8.8
2022-12-08
Hasura · Hasura Graphql Engine · CVE-2022-46792
**Name of the Vulnerable Software and Affected Versions**

Hasura GraphQL Engine versions 2.10.0 through 2.15.1 are affected, excluding the fixed versions 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions prior to 2.10.0 are not affected. Specifically, the affected versions are: Hasura GraphQL Engine versions 2.10.0 through 2.10.1, 2.11.0 through 2.11.2, 2.12.0, 2.13.0 through 2.13.1, 2.14.0, and 2.15.0 through 2.15.1.

**Description**

The issue concerns the mishandling of row-level authorization in the Update Many API for Postgres backends.

**Recommendations**

For versions 2.10.0 through 2.10.1, update to version 2.10.2. For versions 2.11.0 through 2.11.2, update to version 2.11.3. For version 2.12.0, update to version 2.12.1. For versions 2.13.0 through 2.13.1, update to version 2.13.2. For version 2.14.0, update to version 2.14.1. For versions 2.15.0 through 2.15.1, update to version 2.15.2.