Description

Your GraphQL server implementation does not restrict or limit the size of incoming queries. During the assessment, it was observed that a GraphQL query comprising 20000 characters was successfully processed by the server. Large, unchecked queries pose potential denial-of-service threats and can lead to unintended processing costs.

Implementing a simple length check can prevent oversized queries from being processed, thereby safeguarding the server from potential abuse and improving the resilience of your GraphQL server against DoS attacks.

Remediation

Enforce Query Length Limit: Implement a middleware that checks the length of the incoming GraphQL queries. Queries that exceed a reasonable length, such as 2000 characters, should be rejected. The provided code snippet is an example of how to implement such a check: 

 app.use('*', (req, res, next) => {
  const query = req.query.query || req.body.query || '';
  if (query.length > 8192) {
    throw new Error('Query too large');
  }
  next();
});
This ensures that only queries within the accepted length are processed, offering a layer of protection against potential attacks.

Related Vulnerabilities

Apache Server-Info Detected

Unrestricted access to Haproxy Data Plane API

GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability

HTTP Strict Transport Security (HSTS) Policy Not Enabled

Apache Solr endpoint

Severity

Medium

Classification

CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Denial-of-service