CVE-2019-1020015

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-1020015
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1020015.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-1020015
Published
2019-07-29T13:15:12.090Z
Modified
2026-04-10T04:13:10.468821Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.

References

Affected packages

Git / github.com/hasura/graphql-engine

Affected ranges

Type
GIT
Repo
https://github.com/hasura/graphql-engine
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f0ddbc842078ab7503925351c89b0488aba460dd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f0ddbc842078ab7503925351c89b0488aba460dd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
97246f95fc5ab692653e0f03e0c0601a572977fb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e7e4f480d519171a694a5c8d2541bd6b642beaa7
Fixed
f2f14e727b051e3003ba44b9b63eab8186b291ac
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta\\.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-beta\\.2"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.0.0-alpha0
v1.0.0-alpha01
v1.0.0-alpha02
v1.0.0-alpha03
v1.0.0-alpha04
v1.0.0-alpha05
v1.0.0-alpha06
v1.0.0-alpha07
v1.0.0-alpha08
v1.0.0-alpha09
v1.0.0-alpha10
v1.0.0-alpha11
v1.0.0-alpha12
v1.0.0-alpha13
v1.0.0-alpha14
v1.0.0-alpha15
v1.0.0-alpha16
v1.0.0-alpha17
v1.0.0-alpha18
v1.0.0-alpha20
v1.0.0-alpha21
v1.0.0-alpha22
v1.0.0-alpha23
v1.0.0-alpha24
v1.0.0-alpha25
v1.0.0-alpha26
v1.0.0-alpha27
v1.0.0-alpha28
v1.0.0-alpha29
v1.0.0-alpha30
v1.0.0-alpha31
v1.0.0-alpha32
v1.0.0-alpha33
v1.0.0-alpha34
v1.0.0-alpha35
v1.0.0-alpha36
v1.0.0-alpha37
v1.0.0-alpha38
v1.0.0-alpha39
v1.0.0-alpha40
v1.0.0-alpha41
v1.0.0-alpha42
v1.0.0-alpha43
v1.0.0-alpha44
v1.0.0-alpha45
v1.0.0-beta.1
v1.0.0-beta.10
v1.0.0-beta.2
v1.0.0-beta.3
v1.0.0-beta.4
v1.0.0-beta.5
v1.0.0-beta.6
v1.0.0-beta.7
v1.0.0-beta.8
v1.0.0-beta.9
v1.0.0-rc.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1020015.json"