CNNVD-202512-3941 Information

CNNVD ID

CNNVD-202512-3941

Related CVE

CVE-2021-47715

• CNNVD Published: 2025-12-22

Description (Chinese)

Hasura GraphQL Engine是Hasura开源的一个非常快速的 GraphQL 服务器。 Hasura GraphQL Engine 1.3.3版本存在代码问题漏洞，该漏洞源于远程模式URL注入可能导致服务端请求伪造。

Description (English)

Hasura GraphQL Engineering is a very fast GraphQL server for Hasura open source. Hasura GraphQL Engineering 1.3.3 has a code problem loophole, which stems from a remote mode URL injection that may result in the forgery of service-level requests.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Hasura

Published

2025-12-22

Last Modified

2026-02-24

References

https://github.com/hasura/graphql-engine https://www.exploit-db.com/exploits/49791 https://www.vulncheck.com/advisories/hasura-graphql-server-side-request-forgery-via-remote-schema-injection