CVE-2021-47713 HIGH

CVE-2021-47713: Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query

Vendor Hasura
Product Hasura GraphQL
Weakness CWE-770 · Uncontrolled resource consumption
Published December 22, 2025
Last update December 22, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.
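
The two properties the description names, query string length and field nesting depth, can be measured before a query reaches the GraphQL engine. The following is an added example, not part of the CVE record and not Hasura code; the function names and both limits are assumptions chosen for illustration, and the sample queries are constructed.

```python
MAX_QUERY_BYTES = 10_000   # assumed limit, tune per deployment
MAX_DEPTH = 12             # assumed limit, tune per schema

def selection_depth(query: str) -> int:
    """Deepest selection-set nesting; braces in strings, comments and arguments are ignored."""
    depth = deepest = parens = 0
    i, n = 0, len(query)
    while i < n:
        ch = query[i]
        if query.startswith('"""', i):            # block string: skip to the closing delimiter
            end = query.find('"""', i + 3)
            while end > 0 and query[end - 1] == "\\":   # \""" is an escaped delimiter
                end = query.find('"""', end + 3)
            i = n if end == -1 else end + 3
            continue
        if ch == '"':                             # ordinary string literal
            i += 1
            while i < n and query[i] not in '"\n':
                i += 2 if query[i] == "\\" else 1
            i += 1
            continue
        if ch == "#":                             # comment runs to end of line
            nl = query.find("\n", i)
            i = n if nl == -1 else nl + 1
            continue
        if ch == "(":
            parens += 1
        elif ch == ")":
            parens = max(parens - 1, 0)
        elif ch == "{" and parens == 0:           # inside (...) a brace is an input object
            depth += 1
            deepest = max(deepest, depth)
        elif ch == "}" and parens == 0:
            depth = max(depth - 1, 0)
        i += 1
    return deepest

def check_query(query: str) -> tuple[bool, str]:
    """Reject a query by size first (cheap), then by nesting depth."""
    size = len(query.encode("utf-8"))
    if size > MAX_QUERY_BYTES:
        return False, f"query too large: {size} bytes"
    depth = selection_depth(query)
    if depth > MAX_DEPTH:
        return False, f"query too deep: {depth} levels"
    return True, "ok"

# Constructed samples: an ordinary query and a 40-level nested one.
NORMAL = 'query { users(where: {id: {_eq: 1}}) { id name } }'
NESTED = "{ a " * 40 + "id" + " }" * 40
```

A pre-check like this bounds the cost of a single request only; the repeated, multi-threaded requests the description mentions need rate limiting in addition.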

Key dates

02 Disclosure timeline

December 22, 2025 CVE published
December 22, 2025 Record updated