Description

Your web application is running with GraphQL Array-based Query Batching enabled, allowing 10+ simultaneous queries in a single request. GraphQL Query Batching is a feature that permits multiple queries to be sent to the server in a single request, reducing server processing overhead. While this feature is beneficial in certain use cases, it can also be exploited by malicious actors to perform batching attacks, which involve sending a large number of GraphQL operations within a single web request.

Remediation

Limit Query Batching: Implement restrictions on the number of allowed queries in a single batch request to reduce the potential impact of a batching attack.
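
One way to enforce such a limit, shown as an added example (not code from the original page or from any particular GraphQL server). It assumes an Express-style middleware chain in which the JSON body has already been parsed; the names MAX_BATCH_SIZE, checkBatch and batchLimit and the limit of 5 are hypothetical.

```javascript
// Added example: reject oversized array-based batches before any operation executes.
// MAX_BATCH_SIZE is an assumed policy value; set it to the largest batch your clients send.
const MAX_BATCH_SIZE = 5;

// Classify a parsed JSON request body. A GraphQL-over-HTTP body is either one
// operation object or, with array-based batching, an array of such objects.
function checkBatch(body, maxBatch = MAX_BATCH_SIZE) {
  const isOperation = (op) =>
    op !== null && typeof op === 'object' && !Array.isArray(op);

  if (!Array.isArray(body)) {
    return isOperation(body)
      ? { ok: true, count: 1 }
      : { ok: false, count: 0, reason: 'Body is not a GraphQL operation' };
  }
  if (body.length === 0) {
    return { ok: false, count: 0, reason: 'Empty batch' };
  }
  if (body.length > maxBatch) {
    return {
      ok: false,
      count: body.length,
      reason: `Batch of ${body.length} operations exceeds limit of ${maxBatch}`,
    };
  }
  // Nested arrays or scalars must not slip past the element count.
  if (!body.every(isOperation)) {
    return { ok: false, count: body.length, reason: 'Batch contains a non-operation entry' };
  }
  return { ok: true, count: body.length };
}

// Express-style middleware (req, res, next); assumes the JSON body parser ran first.
function batchLimit(maxBatch = MAX_BATCH_SIZE) {
  return (req, res, next) => {
    const verdict = checkBatch(req.body, maxBatch);
    if (verdict.ok) return next();
    // Refuse the whole request rather than executing the first maxBatch entries.
    res.status(400).json({ errors: [{ message: verdict.reason }] });
  };
}
```

Mount the middleware ahead of the GraphQL handler so an oversized batch is refused before any resolver runs. The count field of the verdict can be logged to spot clients that repeatedly send batches near or above the limit.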
