CVE-2021-47713

HIGH

Hasura GraphQL 1.3.3 - Denial of Service via Malicious GraphQL Query

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47713. PoCs published by Dolev Farhi.

AI-analyzed exploit summary This exploit targets Hasura GraphQL 1.3.3 by creating a table, inserting a large row, and then flooding the server with oversized GraphQL queries to cause a Denial of Service (DoS). It uses multiple threads to amplify the attack.

Description

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.

Exploits (1)

exploitdb WORKING POC
by Dolev Farhi · pythondosmultiple
https://www.exploit-db.com/exploits/49789

This exploit targets Hasura GraphQL 1.3.3 by creating a table, inserting a large row, and then flooding the server with oversized GraphQL queries to cause a Denial of Service (DoS). It uses multiple threads to amplify the attack.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Hasura GraphQL 1.3.3
No auth needed
Prerequisites: Network access to the Hasura GraphQL endpoint · Ability to send HTTP requests to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0040
EPSS Percentile 32.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-770
Status published
Products (1)
hasura/graphql_engine 1.3.3
Published Dec 22, 2025
Tracked Since Feb 18, 2026