Hasura GraphQL Engine prior to 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions prior to 2.10.0 are unaffected.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hasura graphql engine |
||
hasura graphql engine 2.14.0 |
||
hasura graphql engine 2.12.0 |