2 matches found
CVE-2023-27588
CVE-2023-27588 describes an unauthenticated path traversal vulnerability in Hasura GraphQL Engine. Affected are self-hosted Hasura deployments that are publicly exposed and not protected by a WAF or HTTP protections; Hasura Cloud deployments are not vulnerable. The issue is triggered by improper ...
CVE-2023-27588 Unauthenticated path traversal vulnerability in Hasura GraphQL Engine
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...