Description

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.

PUBLISHED Reserved 2025-12-05 | Published 2025-12-22 | Updated 2025-12-22 | Assigner VulnCheck




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)
HIGH: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Problem types

Allocation of Resources Without Limits or Throttling

Product status

1.3.3
affected

Credits

Dolev Farhi (finder)

References

www.exploit-db.com/exploits/49789 (ExploitDB-49789) exploit

github.com/hasura/graphql-engine (Hasura GraphQL Engine GitHub Repository) product

www.vulncheck.com/...-of-service-via-malicious-graphql-query (VulnCheck Advisory: Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query) third-party-advisory

cve.org (CVE-2021-47713)

nvd.nist.gov (CVE-2021-47713)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.