PT-2025-52689 · Hasura · Hasura Graphql
Dolev Farhi
·
Published
2025-12-22
·
Updated
2025-12-26
·
CVE-2021-47713
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Hasura GraphQL version 1.3.3
Description
The software is susceptible to a denial of service condition. Attackers can exploit this by sending specially crafted GraphQL queries containing deeply nested fields. These queries are designed to consume significant server resources, potentially leading to service disruption or crashes. Repeated requests with long query strings and multiple threads can exacerbate the impact.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
DoS
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hasura Graphql