Description
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)
References
- Patch, Third Party Advisory
- Mailing List, Patch, Third Party Advisory
- Mitigation, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* (versions from 2.10.0 inclusive to 2.10.2 exclusive)
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* (versions from 2.11.0 inclusive to 2.11.3 exclusive)
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* (versions from 2.13.0 inclusive to 2.13.2 exclusive)
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* (versions from 2.15.0 inclusive to 2.15.2 exclusive)
cpe:2.3:a:hasura:graphql_engine:2.12.0:-:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:2.12.0:beta1:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:2.14.0:-:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:2.14.0:beta1:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:2.14.0:beta2:*:*:*:*:*:*
EPSS: 0.00504 (Low), percentile: 65%
CVSS3: 8.8 High
Weaknesses
CWE-863
Related vulnerabilities
CVSS3: 8.8
github
about 3 years ago
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)