Unrated severityOSV Advisory· Published Dec 22, 2025· Updated Dec 22, 2025

Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query

CVE-2021-47713

Description

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.

Affected products

Hasura/Graphql EngineOSV
Range: v1.0.0-alpha0, v1.0.0-alpha01, v1.0.0-alpha02, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/49789mitreexploit
www.vulncheck.com/advisories/hasura-graphql-denial-of-service-via-malicious-graphql-querymitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000