CVE-2019-1020015

Summary

graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.

Affected Software

VendorProductVersion RangeStatus
graphql-enginegraphql-engine< 1.0.0-beta.3affected

Weaknesses

  • mishandles the audience check

ADP Enrichment

CVE Program Container

Additional References

References