Filtered by vendor Hasura
Subscriptions
Filtered by product Graphql Engine
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-1020015 | 1 Hasura | 1 Graphql Engine | 2024-08-05 | N/A |
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. | ||||
CVE-2022-46792 | 1 Hasura | 1 Graphql Engine | 2024-08-03 | 8.8 High |
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.) | ||||
CVE-2023-27588 | 1 Hasura | 1 Graphql Engine | 2024-08-02 | 7.5 High |
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch. |
Page 1 of 1.