CVE-2021-47715
BaseFortify
Publication date: 2025-12-22
Last updated on: 2025-12-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hasura | graphql_engine | 1.3.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47715 is a Server-Side Request Forgery (SSRF) vulnerability in Hasura GraphQL version 1.3.3. It allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint by sending crafted POST requests to the /v1/query endpoint. This causes the Hasura server to make HTTP requests to attacker-controlled or internal URLs, potentially exposing internal network resources. [2, 3]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to make the Hasura server send arbitrary HTTP requests to internal or external systems. This can lead to unauthorized access to internal network resources that are normally inaccessible, potentially exposing sensitive information or enabling further attacks within the network. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crafted POST requests to the /v1/query endpoint that include a 'bulk' type request with an 'add_remote_schema' action containing arbitrary remote schema URLs. A practical detection method is to inspect HTTP POST traffic to the Hasura GraphQL API for such payloads. For example, using curl or similar tools, you can attempt to reproduce the request pattern to test detection. Additionally, network monitoring tools or intrusion detection systems can be configured to alert on POST requests with JSON bodies containing 'add_remote_schema' and suspicious URLs. A sample command to test or detect this might be a curl POST request with a JSON payload targeting the /v1/query endpoint, similar to the proof-of-concept exploit script described in Resource 2. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Hasura GraphQL API endpoint to trusted users or networks, as the vulnerability requires access to the /v1/query endpoint. Applying network-level controls such as firewall rules to limit inbound traffic can reduce exposure. Additionally, monitoring and blocking suspicious POST requests that attempt to add remote schemas with arbitrary URLs can help prevent exploitation. Upgrading Hasura GraphQL to a version where this vulnerability is fixed (if available) is recommended once a patch is released. Until then, applying strict access controls and monitoring is the best immediate defense. [2, 3]