Lucene search

Graphql Engine Security Vulnerabilities

cve

CVE-2019-1020015

graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.

7.5CVSS

7.5AI Score

0.001EPSS

2019-07-29 01:15 PM

cve

CVE-2022-46792

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)

8.8CVSS

8.7AI Score

0.001EPSS

2022-12-08 06:15 AM

cve

CVE-2023-27588

Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects wit...

7.5CVSS

8AI Score

0.001EPSS

2023-03-14 06:15 PM