CVE-2021-47714
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-22

Last updated on: 2025-12-27

Assigner: VulnCheck

Description
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-27
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47714
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hasura graphql_engine 1.3.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47714 is a local file read vulnerability in Hasura GraphQL version 1.3.3. Attackers can exploit a SQL injection flaw in the GraphQL query endpoint to execute malicious SQL commands. Specifically, they use the PostgreSQL function pg_read_file() to read arbitrary files on the server hosting Hasura GraphQL. This allows unauthorized access to sensitive system files without needing authentication or user interaction. [2, 3]

Impact Analysis

This vulnerability can allow attackers to read sensitive files on the server running Hasura GraphQL, potentially exposing confidential information such as system configuration, user data, or credentials. Since the exploit requires no authentication and has low complexity, it poses a significant risk of unauthorized data disclosure and could lead to further attacks or system compromise. [2, 3]

Detection Guidance

This vulnerability can be detected by sending crafted HTTP POST requests to the /v1/query endpoint of the Hasura GraphQL server, containing malicious SQL queries that use the PostgreSQL pg_read_file() function to attempt reading arbitrary files. For example, a command using curl could be constructed to send a JSON payload with a run_sql command that tries to read /etc/passwd. Additionally, a Python script using the requests library can be used to automate this detection by sending such payloads and checking the response for file contents. The exploit involves sending a POST request with a JSON body like: {"type": "run_sql", "args": {"sql": "SELECT pg_read_file('../../../../../../../../../etc/passwd',0,1000);"}} to the /v1/query endpoint. If the response contains file content, the system is vulnerable. [2]

Mitigation Strategies

Immediate mitigation steps include upgrading Hasura GraphQL Engine from version 1.3.3 to a version where this vulnerability is fixed, as the issue arises from SQL injection in the query endpoint. Additionally, restricting access to the /v1/query endpoint to trusted users or networks, implementing proper input validation and sanitization, and applying network-level controls to limit exposure can help reduce risk. Monitoring and blocking suspicious POST requests attempting to exploit pg_read_file() can also be effective. Since the vulnerability requires no authentication, limiting exposure and patching are critical. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47714. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart