graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NHasura Graphql Engine
APPHasura1.0.0< 1.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2021-47748CRITICAL9.3PL ✓ten sam produkt
RCE w Hasura GraphQL Engine przez COPY FROM PROGRAM
CVE-2021-47713HIGH8.7ten sam produkt
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service...
CVE-2023-27588HIGH7.5ten sam produkt
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has ...
CVE-2022-46792HIGH8.8ten sam produkt
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres bac...
CVE-2021-47714MEDIUM6.9ten sam produkt
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files thr...