Published on July 30th, 2019 📆 | 5040 Views ⚑
0graphql-engine up to 1.0.0-beta.2 JWT unknown vulnerability [CVE-2019-1020015]
CVSS Meta Temp Score | Current Exploit Price (โ) |
---|---|
5.3 | $0-$5k |
A vulnerability was found in graphql-engine up to 1.0.0-beta.2. It has been rated as problematic. Affected by this issue is an unknown part of the component JWT Handler. The impact remains unknown. CVE summarizes:
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.
The weakness was disclosed 07/29/2019. This vulnerability is handled as CVE-2019-1020015 since 07/26/2019. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 07/30/2019).
Upgrading to version 1.0.0-beta.3 eliminates this vulnerability.
Name
Class: Unknown
Local: Yes
Remote: No
Availability: ๐
Status: Not defined
Price Prediction: ๐
Current Price Estimation: ๐
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: ๐
Adversaries: ๐
Geopolitics: ๐
Economy: ๐
Predictions: ๐
Remediation: ๐Recommended: Upgrade
Status: ๐
0-Day Time: ๐
Upgrade: graphql-engine 1.0.0-beta.3
07/26/2019 CVE assigned
07/29/2019 Advisory disclosed
07/30/2019 VulDB entry created
07/30/2019 VulDB last update
CVE: CVE-2019-1020015 (๐)Created: 07/30/2019 08:25 AM
Complete: ๐
Download it now for free!
https://vuldb.com/?id.138932
Gloss