CNNVD-202601-3414 Information
Jan 21, 2026
cve
CNNVD ID
CNNVD-202601-3414
Related CVE
- CNNVD Published: 2026-01-21
Description (Chinese)
Hasura GraphQL Engine是Hasura开源的一个非常快速的 GraphQL 服务器。 Hasura GraphQL Engine 1.3.3版本存在操作系统命令注入漏洞,该漏洞源于通过SQL查询操作存在远程代码执行,可能导致执行任意shell命令。
Description (English)
Hasura GraphQL Engineering is a very fast GraphQL server for Hasura open source. Hasura GraphQL Engineering 1.3.3 has an operational system command leak, which arises from the presence of a remote code through SQL query, which may result in the execution of any shell command.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
Hasura
Published
2026-01-21
Last Modified
2026-02-24
References
https://github.com/hasura/graphql-engine https://www.exploit-db.com/exploits/49802 https://www.vulncheck.com/advisories/hasura-graphql-remote-code-execution
Patch
https://github.com/hasura/graphql-engine
Share on: