Описание
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch.
Ссылки
- Patch
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Vendor Advisory
- Patch
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.4 (исключая)Версия от 2.0.0 (включая) до 2.11.5 (исключая)Версия от 2.12.0 (включая) до 2.20.1 (исключая)
Одно из
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00526
Низкий
7.5 High
CVSS3
Дефекты
CWE-22
CWE-22
EPSS
Процентиль: 66%
0.00526
Низкий
7.5 High
CVSS3
Дефекты
CWE-22
CWE-22