Description

Acunetix determined that it was possible to access the Hasura GraphQL API without authentication. An unauthenticated attacker may use this API to perform server-side request forgery (SSRF) attacks.

Remediation

Restrict access to the Hasura GraphQL API by setting an admin secret.
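
The remediation above as a configuration sketch. This is an added example, not part of the original advisory or of Hasura's own documentation. It assumes a Docker Compose deployment; the service name, image tag and database URL are placeholders.

```yaml
# Before: no admin secret is configured, so the GraphQL API
# accepts requests from any client that can reach the port.
services:
  hasura:
    image: hasura/graphql-engine:<version>          # placeholder tag
    ports:
      - "8080:8080"
    environment:
      HASURA_GRAPHQL_DATABASE_URL: postgres://<user>:<password>@<host>:5432/<db>
---
# After: the admin secret is required. Requests that do not carry
# a matching x-hasura-admin-secret header (or another auth mode
# you have configured) are rejected.
services:
  hasura:
    image: hasura/graphql-engine:<version>          # placeholder tag
    ports:
      - "127.0.0.1:8080:8080"                       # assumption: reached via a local reverse proxy
    environment:
      HASURA_GRAPHQL_DATABASE_URL: postgres://<user>:<password>@<host>:5432/<db>
      # Read from the deploy environment or a secrets manager; never commit the value.
      # The ":?" form makes Compose fail at startup if the variable is unset or empty.
      HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET:?admin secret must be set}
```

Use a long random value for the secret, and re-run the scan after redeploying to confirm that unauthenticated requests are refused.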
