exploitDog

CVE-2021-47713

Опубликовано: 22 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.

Ссылки

https://github.com/hasura/graphql-engine
Product
https://www.exploit-db.com/exploits/49789
Exploit
https://www.vulncheck.com/advisories/hasura-graphql-denial-of-service-via-malicious-graphql-query
Third Party Advisory
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hasura:graphql_engine:1.3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00051

Низкий

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

GHSA-c963-4j6g-xhmv

CVSS3: 7.5

github

около 2 месяцев назад

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.

EPSS

Процентиль: 16%

0.00051

Низкий

7.5 High

CVSS3

Дефекты

CWE-770