← back
CVE-2021-47713

Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query

CVSS 8.7 HIGHEPSS 0.4%CWE-770
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.7EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Hasura · Hasura GraphQL

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/hasura/graphql-enginehttps://www.exploit-db.com/exploits/49789https://www.vulncheck.com/advisories/hasura-graphql-denial-of-service-via-malicious-graphql-query