Hasura GraphQL
cpe:2.3:a:hasura:graphql_engine:*:*:*:*:*:*:*
- 1.3.3
A server-side request forgery (SSRF) vulnerability has been identified in Hasura GraphQL Engine version 1.3.3. An attacker who can call the metadata API can register an arbitrary URL as a remote schema through the add_remote_schema command, sent as a POST request to the /v1/query endpoint. Because the engine introspects the remote schema URL it is given, the crafted URL causes the Hasura server itself to issue requests to hosts the attacker chooses, including internal network resources that are not reachable from outside. The /v1/query endpoint is an administrative metadata endpoint: it is protected by the admin secret when one is configured, and is otherwise open to anyone who can reach the server.
Successful exploitation lets the attacker use the Hasura server as a proxy into the internal network: the server fetches the injected URL on the attacker's behalf, so services that trust requests originating from the Hasura host (for example internal admin interfaces or cloud metadata endpoints) become reachable, and the success or failure of the introspection call reveals whether the target responded.
To reproduce this vulnerability, send a POST request to the /v1/query endpoint (with the X-Hasura-Admin-Secret header if the instance has an admin secret) whose JSON body has type set to add_remote_schema and, under args, a schema name and a definition whose url is the address the attacker wants the server to contact. Hasura attempts to introspect that URL as soon as the command is processed, so the server reaches the injected address immediately; the resulting response or error indicates whether the internal resource answered.
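The following is an added example, not part of this advisory or of Hasura's own code. It builds the add_remote_schema request body in the shape of Hasura's documented v1 metadata API (type plus args.name and args.definition.url, and the bulk wrapper that carries several calls), and then shows the pre-check a practitioner would put in front of /v1/query, or run over captured requests, to refuse remote schema URLs that point at loopback, link-local, private or otherwise non-public addresses. The blocked hostname list and the validate_metadata_request helper are this example's own assumptions; the URLs used below are constructed.

```python
import ipaddress
import json
from typing import Tuple, Union
from urllib.parse import urlparse

# Hostnames that map to loopback or cloud metadata services and must never be
# accepted as a remote schema target (constructed list for this example, not exhaustive).
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal", "metadata"}
ALLOWED_SCHEMES = {"http", "https"}


def build_add_remote_schema_payload(name: str, url: str, timeout_seconds: int = 60) -> dict:
    """Request body for POST /v1/query in the shape of Hasura's add_remote_schema call.

    The engine introspects `url` as soon as it processes this command; that fetch
    is the SSRF trigger described in the advisory.
    """
    return {
        "type": "add_remote_schema",
        "args": {
            "name": name,
            "definition": {
                "url": url,
                "forward_client_headers": False,
                "timeout_seconds": timeout_seconds,
            },
        },
    }


def is_internal_address(ip: Union[ipaddress.IPv4Address, ipaddress.IPv6Address]) -> bool:
    """True for any address that is not globally routable (loopback, link-local such as
    169.254.169.254, RFC 1918 / ULA, unspecified, reserved, documentation ranges).
    IPv4-mapped IPv6 is unwrapped first so ::ffff:127.0.0.1 cannot bypass the check."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def check_remote_schema_url(url: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for a candidate remote schema URL.

    Only literal IP hosts can be judged offline. A DNS name is accepted here, but the
    caller must resolve it at request time and re-run is_internal_address on every
    returned address; that also covers numeric forms such as "2130706433" or
    "0x7f000001", which ipaddress does not parse but a resolver normalises.
    """
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname  # brackets around IPv6 literals are already stripped
    if not host:
        return False, "missing host"
    if host.lower() in BLOCKED_HOSTNAMES or host.lower().endswith(".localhost"):
        return False, f"host {host!r} is blocked"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True, "hostname; resolve and re-check at request time"
    if is_internal_address(ip):
        return False, f"{host} is a non-public address"
    return True, "public literal address"


def validate_metadata_request(body: dict) -> Tuple[bool, str]:
    """Pre-check a /v1/query body before it reaches the engine (hypothetical helper).

    Only add_remote_schema with a literal `url` is inspected: `url_from_env` names a
    server-controlled environment variable, so it is not attacker reachable. A bulk
    request wraps several calls, so each one is checked in turn.
    """
    kind = body.get("type")
    if kind == "bulk":
        for sub in body.get("args", []):
            ok, reason = validate_metadata_request(sub)
            if not ok:
                return ok, reason
        return True, "bulk: all sub-requests accepted"
    if kind != "add_remote_schema":
        return True, f"{kind}: not a remote schema call"
    definition = body.get("args", {}).get("definition", {})
    url = definition.get("url")
    if url is None:
        return True, "url_from_env or no url: nothing to check"
    return check_remote_schema_url(url)


if __name__ == "__main__":
    # Constructed targets: the cloud metadata address and an RFC 1918 host are refused,
    # a public GraphQL endpoint passes.
    for target in ("http://169.254.169.254/latest/meta-data/",
                   "http://10.0.0.5:8080/v1/graphql",
                   "https://api.example.com/graphql"):
        payload = build_add_remote_schema_payload("probe", target)
        print(json.dumps(payload["args"]["definition"]["url"]), validate_metadata_request(payload))
```

The check is deliberately split in two: the literal-address test runs on the request body, while hostnames must be re-checked against the resolved addresses at connection time, since a name under the attacker's control can resolve to 127.0.0.1 or change between validation and fetch. The payload builder also doubles as the minimal reproduction body for the behaviour described above; sent to a vulnerable 1.3.3 instance with the admin secret, it makes the server contact the given URL.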