HIGH🇵🇱 Wersja polska

CVE-2022-46792

CVSS 8.8v3.1pub. 2022-12-08upd. 2025-04-23

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Hasura Graphql Engine

    APP
    Hasura
    2.12.02.14.02.10.0 – 2.10.2 (bez)2.11.0 – 2.11.3 (bez)2.13.0 – 2.13.2 (bez)2.15.0 – 2.15.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-47748CRITICAL9.3PL ✓ten sam produkt

RCE w Hasura GraphQL Engine przez COPY FROM PROGRAM

CVE-2021-47713HIGH8.7ten sam produkt

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service...

CVE-2023-27588HIGH7.5ten sam produkt

Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has ...

CVE-2019-1020015HIGH7.5ten sam produkt

graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying J...

CVE-2021-47714MEDIUM6.9ten sam produkt

Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files thr...