Description

Your web application's GraphQL API has been identified, via introspection, as exposing nested queries over circular relationships (for example, a type whose fields resolve back to the same type). This configuration lets a client build deeply nested queries that consume an excessive amount of server resources, potentially resulting in a Denial of Service (DoS) that reduces the availability of your GraphQL API and degrades the overall performance of your web application.

Remediation

Limit Query Depth: Enforce a maximum query depth in the GraphQL API, rejecting documents that exceed it before execution, so that excessive nesting and circular queries are refused rather than resolved.
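The following depth guard is an added example, not code from the original advisory: it measures the deepest selection-set nesting in a query document and rejects anything above MAX_QUERY_DEPTH (an assumed value of 5) before the query reaches the resolver layer. It does not expand fragment spreads, so for a production server prefer the validation rule your GraphQL library provides (for graphql-js, the graphql-depth-limit package does this); the logic below shows what such a rule checks.

```javascript
// Added example (not part of the original advisory): a dependency-free
// query-depth guard that can run before execution.
const MAX_QUERY_DEPTH = 5; // assumption: tune to the deepest legitimate client query

// Returns the maximum field-nesting depth of a GraphQL document.
// Root-level fields sit at depth 1; each nested selection set adds one.
// Comments, ordinary strings and block strings are skipped so that braces
// inside them do not count. Fragment spreads are not expanded.
function queryDepth(doc) {
  let depth = 0, maxDepth = 0, i = 0;
  while (i < doc.length) {
    const c = doc[i];
    if (c === '#') {                       // line comment: skip to end of line
      while (i < doc.length && doc[i] !== '\n') i++;
    } else if (doc.startsWith('"""', i)) { // block string
      const end = doc.indexOf('"""', i + 3);
      i = end === -1 ? doc.length : end + 3;
    } else if (c === '"') {                // ordinary string, honouring escapes
      i++;
      while (i < doc.length && doc[i] !== '"') i += doc[i] === '\\' ? 2 : 1;
      i++;
    } else {
      if (c === '{') { depth++; if (depth > maxDepth) maxDepth = depth; }
      else if (c === '}') depth--;
      i++;
    }
  }
  return maxDepth;
}

// Validation step: accept or reject a document before it is executed.
function checkQueryDepth(doc, limit = MAX_QUERY_DEPTH) {
  const depth = queryDepth(doc);
  if (depth > limit) {
    return { ok: false, depth, error: `Query depth ${depth} exceeds maximum allowed depth of ${limit}` };
  }
  return { ok: true, depth };
}

// Constructed sample inputs: a circular user -> friends -> user chain nested
// past the limit, and an ordinary query that stays within it.
const ABUSIVE_QUERY = `
  query Deep {                  # { braces in comments are ignored }
    user(id: "1") {
      friends { friends { friends { friends { friends { friends { name } } } } } }
    }
  }`;
const NORMAL_QUERY = `{ user(id: "1") { name friends { name } } }`;

console.log(checkQueryDepth(NORMAL_QUERY));  // { ok: true, depth: 3 }
console.log(checkQueryDepth(ABUSIVE_QUERY)); // { ok: false, depth: 8, error: '...' }
```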
