CVE-2023-27588

CVSS V2 None CVSS V3 None
Description
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch.
Overview
  • CVE ID
  • CVE-2023-27588
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-14T18:15:10
  • Last Modified Date
  • 2023-03-21T13:43:20
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* 1 OR 1.3.4
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* 1 OR 2.0.0 2.11.5
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*:* 1 OR 2.12.0 2.20.1
History
Created Old Value New Value Data Type Notes
2023-04-17 06:29:07 Added to TrackCVE
2023-04-17 06:29:08 Weakness Enumeration new