Vulnerability Details CVE-2021-47748
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the run_sql endpoint by crafting malicious GraphQL queries that execute system commands through PostgreSQL's COPY FROM PROGRAM functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.3%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2021-47748
-
cpe:2.3:a:hasura:graphql_engine:1.3.3