Hasura GraphQL Engine: Operating System Command Injection Vulnerability
Hasura GraphQL Engine is a very fast GraphQL server developed by Hasura as open source. Version 1.3.3 of Hasura GraphQL Engine contains a vulnerability related to operating system command injection. This vulnerability stems from SQL queries that allow remote code execution, potentially enabling t...
Hasura GraphQL Engine SQL Injection Vulnerability
Hasura GraphQL Engine is a very fast GraphQL server developed by Hasura as open source. A SQL injection vulnerability exists in Hasura GraphQL Engine version 1.3.3; the SQL injection may result in local file reads...
Hasura GraphQL Engine Security Vulnerability
Hasura GraphQL Engine is a very fast GraphQL server developed by Hasura as open source. A security vulnerability exists in Hasura GraphQL Engine version 1.3.3 in which a malicious GraphQL query could lead to a denial of service attack...
Hasura GraphQL Engine Code Issue Vulnerability
Hasura GraphQL Engine is a very fast GraphQL server developed by Hasura as open source. A code issue vulnerability exists in Hasura GraphQL Engine version 1.3.3 in which a remote schema URL injection could lead to server-side request forgery...
EUVD-2019-2061
Malware in sbrugna...
EUVD-2022-49574
Malicious code in bioql PyPI...
CVE-2023-27588
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
CVE-2022-46792
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...
CVE-2019-1020015
graphql-engine aka Hasura GraphQL Engine before 1.0.0-beta.3 mishandles the audience check while verifying JWT...
CVE-2023-27588 Unauthenticated path traversal vulnerability in Hasura GraphQL Engine
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
Hasura GraphQL Engine Path Traversal Vulnerability
Hasura GraphQL Engine is a very fast GraphQL server developed by Hasura as open source. A security vulnerability exists in Hasura GraphQL Engine that stems from a path traversal vulnerability...
PT-2023-21229 · Hasura · Hasura Graphql Engine
Name of the Vulnerable Software and Affected Versions: Hasura GraphQL Engine versions prior to 1.3.4; Hasura GraphQL Engine versions prior to 2.55.1; Hasura GraphQL Engine versions prior to 2.20.1; Hasura GraphQL Engine versions prior to 2.21.0-beta1. Description: A path traversal vulnerability has...
CVE-2022-46792
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...
CVE-2022-46792
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...
Hardcoded credentials
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...
PT-2022-27980 · Hasura · Hasura Graphql Engine
Name of the Vulnerable Software and Affected Versions: Hasura GraphQL Engine versions prior to 2.10.0 are not affected, but versions from 2.10.0 through 2.15.1 are affected, excluding fixed versions 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. To simplify, the affected versions are: Hasura...
CVE-2022-46792
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...
CVE-2019-1020015
graphql-engine aka Hasura GraphQL Engine before 1.0.0-beta.3 mishandles the audience check while verifying JWT...
CVE-2019-1020015
CVE-2019-1020015 affects graphql-engine (Hasura GraphQL Engine) prior to 1.0.0-beta.3, which mishandles the audience check during JWT verification. The evidence in connected documents confirms the vendor/product and the root cause without additional exploit details. Remediation is to upgrade to 1...
CVE-2019-1020015
graphql-engine aka Hasura GraphQL Engine before 1.0.0-beta.3 mishandles the audience check while verifying JWT...