Description

Your GraphQL API accepts alias overloading: a single request carrying 100 or more aliases was processed without being rejected. Aliases let a client request the same field several times in one operation by giving each occurrence a different name (for example a: user(id: 1) and b: user(id: 2) in the same selection set). The feature has legitimate uses, but every alias is resolved separately on the server, so one HTTP request can trigger hundreds of resolver executions, and the database or upstream calls behind them, while still counting as a single request for any per-request rate limit. That amplification is what lets an attacker turn alias overloading into a Denial of Service (DoS) attack on the API.

Remediation

Limit Alias Overloading: Reject any operation whose alias count exceeds a fixed threshold, and enforce the check at validation time, before any resolver runs, so an oversized request costs nothing beyond parsing. Size the threshold to the batching your legitimate clients actually need rather than to a round number.

Rate Limiting: Apply rate limiting per client, but charge the limit by the number of aliased fields (or by a query-cost score) instead of per HTTP request: a plain per-request limit is exactly what alias overloading bypasses, because the attacker sends few requests, each doing a great deal of work.
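The two remediations combined, as an added example that is not part of this page or of any GraphQL server implementation: a dependency-free alias counter that runs before execution, plus a per-client token bucket that charges each request by its alias count so the rate limit cannot be sidestepped by batching. The tokenizer here is a small regex lexer so the example runs stand-alone; a production server should implement the same check as a validation rule over the AST its own parser produces (graphql-js, graphql-core and similar libraries all expose such hooks). The threshold MAX_ALIASES, the bucket sizes and the two sample operations are assumptions made for the example.

```python
"""Added example (not from the original page): reject alias-overloaded GraphQL
operations before execution and charge rate limits per alias, not per request.
The tokenizer below is deliberately dependency-free; a real server should do
this as a validation rule over the AST its own parser produces."""
import re
from typing import Dict, List

MAX_ALIASES = 20   # assumed threshold; size it to the batching legitimate clients need

# Lexer for the parts of the GraphQL grammar that matter here. Whitespace and
# commas are insignificant and simply never match, so finditer skips them.
TOKEN_RE = re.compile(
    r'"""(?:[^"]|"(?!""))*"""'             # block string
    r'|"(?:\\.|[^"\\\n])*"'               # quoted string
    r'|#[^\n]*'                            # comment
    r'|\.\.\.'                             # fragment spread
    r'|[{}()\[\]:=@$!|&]'                  # punctuators
    r'|[_A-Za-z][_0-9A-Za-z]*'             # names (fields, aliases, keywords)
    r'|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?'   # int / float literals
)
NAME_RE = re.compile(r'[_A-Za-z][_0-9A-Za-z]*\Z')


def tokenize(query: str) -> List[str]:
    """Returns the significant tokens; comments and string literals are dropped
    because a colon inside them can never introduce an alias."""
    return [m.group(0) for m in TOKEN_RE.finditer(query)
            if not m.group(0).startswith(('#', '"'))]


def count_aliases(query: str) -> int:
    """Counts `alias: field` pairs inside selection sets.

    A colon at parenthesis depth > 0 belongs to an argument (user(id: 1)),
    a directive argument (@include(if: $x)), a variable definition ($id: ID!)
    or an object literal nested in one of those; none of them is an alias.
    """
    depth = 0
    aliases = 0
    tokens = tokenize(query)
    for i, tok in enumerate(tokens):
        if tok == '(':
            depth += 1
        elif tok == ')':
            depth = max(0, depth - 1)
        elif tok == ':' and depth == 0 and i > 0 and NAME_RE.match(tokens[i - 1]):
            aliases += 1
    return aliases


def alias_limit_ok(query: str, limit: int = MAX_ALIASES) -> bool:
    """Validation step to run before any resolver executes: True if the
    operation stays within the alias budget, False if it must be rejected."""
    return count_aliases(query) <= limit


class AliasWeightedBucket:
    """Per-client token bucket whose cost is 1 + number of aliases, so 100
    aliased fields in one HTTP request drain the bucket like 100 requests."""

    def __init__(self, capacity: int, refill_per_sec: float) -> None:
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self._tokens: Dict[str, float] = {}
        self._last: Dict[str, float] = {}

    def allow(self, client: str, query: str, now: float) -> bool:
        """`now` is injected so the refill is deterministic and testable."""
        tokens = self._tokens.get(client, float(self.capacity))
        elapsed = max(0.0, now - self._last.get(client, now))
        tokens = min(float(self.capacity), tokens + elapsed * self.refill_per_sec)
        self._last[client] = now
        cost = 1 + count_aliases(query)
        if cost > tokens:
            self._tokens[client] = tokens   # rejected: record the refill, charge nothing
            return False
        self._tokens[client] = tokens - cost
        return True


# Constructed sample operations (not captured traffic).
LEGIT_QUERY = """
query Profile($id: ID!) {
  me: user(id: $id) @include(if: true) { name }
  friend: user(id: "2") { name }   # colon inside a comment: not an alias
  ... on Query { version }
}
"""
ABUSIVE_QUERY = "query {\n" + "".join(
    f"  p{i}: product(id: {i}) {{ name price }}\n" for i in range(120)
) + "}"


if __name__ == "__main__":
    for label, q in (("legit", LEGIT_QUERY), ("abusive", ABUSIVE_QUERY)):
        print(f"{label}: {count_aliases(q)} aliases, "
              f"{'accepted' if alias_limit_ok(q) else 'rejected'}")
```

The hard limit and the weighted bucket complement each other: a request whose alias count alone exceeds the bucket capacity can never be admitted, but without the explicit alias_limit_ok check the server would still parse and count it on every retry, and a client that stays just under capacity could still spend its whole budget on a single expensive request. Keeping the validation rule cheap (parse and count, no resolver work) is what makes the limit safe to enforce on every request.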
