CVE-2021-47713 — HIGH (7.5)

Vulnerability Description

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hasura	Graphql Engine	1.3.3

Related Weaknesses (CWE)

CWE-770

References

https://github.com/hasura/graphql-engineProduct
https://www.exploit-db.com/exploits/49789Exploit
https://www.vulncheck.com/advisories/hasura-graphql-denial-of-service-via-maliciThird Party AdvisoryExploit

FAQ

What is CVE-2021-47713?

CVE-2021-47713 is a vulnerability with a CVSS score of 7.5 (HIGH). Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send re...

How severe is CVE-2021-47713?

CVE-2021-47713 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-47713?

Check the references section above for vendor advisories and patch information. Affected products include: Hasura Graphql Engine.