Description
Your web application is running with GraphQL Field Suggestions enabled in a production environment.
GraphQL Field Suggestions is a feature that provides clients with suggested field names when an invalid or non-existent field is queried. This feature can help developers identify available fields and navigate the API more effectively.
However, in a production environment, exposing field suggestions may pose a security risk, as attackers could use the suggested field names to gather information about the API's structure and potentially craft targeted attacks, exploit other vulnerabilities, or gain unauthorized access to protected resources. It is essential to disable or restrict access to field suggestions in production environments to prevent unauthorized access and information leakage.
Remediation
Disable Field Suggestions: Ensure that GraphQL Field Suggestions are disabled or restricted in production environments. Keep this feature enabled only in development or staging environments where access is limited to authorized personnel.