Security Test: Recursive Fragment
Description
Default Severity:
The issue arises when a query is crafted so that a GraphQL fragment spreads itself recursively (directly, or through a chain of other fragments) and the server expands it without proper checks, causing the server's stack to overflow. Without control measures, attackers can send such self-referencing queries to overload the system, leading to a denial of service in which the server may crash or become unable to handle normal requests. Developers sometimes omit validation of fragment recursion in incoming queries, which leaves the application vulnerable. If an attacker takes advantage of this, the result is service disruption or downtime.
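The defensive check described above is the GraphQL validation rule that fragment spreads must not form cycles (graphql-js and graphql-core implement it as NoFragmentCyclesRule, which a production server should rely on). The following is an added, self-contained illustration of that check, not code from this page or from the scanner it documents: it extracts each fragment definition from a query document, builds a "fragment spreads fragment" graph, and reports any cycle so the query can be rejected before execution. The function names and the two sample documents are constructed for this example.

```python
import re
from typing import Dict, List, Set, Tuple

# `fragment Name on Type [@directive ...] {` introduces a fragment definition.
FRAGMENT_DEF = re.compile(r"\bfragment\s+(\w+)\s+on\s+\w+\s*(?:@\w+(?:\([^)]*\))?\s*)*\{")
# `...Name` is a named spread; `... on Type` is an inline fragment and is ignored.
SPREAD = re.compile(r"\.\.\.\s*(?!on\b)(\w+)")


def _body_at(text: str, open_idx: int) -> str:
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in GraphQL document")


def fragment_graph(document: str) -> Dict[str, Set[str]]:
    """Map each fragment name to the set of fragments it spreads (transitively unexpanded)."""
    graph: Dict[str, Set[str]] = {}
    for match in FRAGMENT_DEF.finditer(document):
        body = _body_at(document, match.end() - 1)
        graph[match.group(1)] = set(SPREAD.findall(body))
    return graph


def find_fragment_cycles(document: str) -> List[List[str]]:
    """Depth-first search over the spread graph; each cycle is returned as a path
    that starts and ends on the same fragment name, e.g. ['A', 'B', 'A']."""
    graph = fragment_graph(document)
    cycles: List[List[str]] = []
    state: Dict[str, str] = {}  # fragment name -> "visiting" | "done"
    path: List[str] = []

    def visit(name: str) -> None:
        if state.get(name) == "done":
            return
        if state.get(name) == "visiting":
            # We re-entered a fragment that is still on the current path: a cycle.
            cycles.append(path[path.index(name):] + [name])
            return
        state[name] = "visiting"
        path.append(name)
        for target in sorted(graph.get(name, ())):  # unknown fragments simply have no edges
            visit(target)
        path.pop()
        state[name] = "done"

    for name in sorted(graph):
        visit(name)
    return cycles


def validate_no_recursive_fragments(document: str) -> Tuple[bool, str]:
    """Gate a query before execution: (True, 'ok') or (False, reason)."""
    cycles = find_fragment_cycles(document)
    if cycles:
        return False, "fragment spread cycle: " + " -> ".join(cycles[0])
    return True, "ok"


# Constructed sample documents (not taken from any real API).
SAFE_QUERY = """
query { user { ...UserFields } }
fragment UserFields on User { id ...NameFields ... on User { email } }
fragment NameFields on User { first last }
"""

RECURSIVE_QUERY = """
query { user { ...A } }
fragment A on User { id ...B }
fragment B on User { name ...A }
"""

if __name__ == "__main__":
    for label, doc in (("safe", SAFE_QUERY), ("recursive", RECURSIVE_QUERY)):
        print(label, validate_no_recursive_fragments(doc))
```

The check runs on the parsed document only and never expands a fragment, so the validator itself cannot be driven into deep recursion by the input it is guarding against; in a real deployment this belongs in the validation phase alongside a depth and complexity limit, and a rejected query is worth logging with the offending cycle as a detection signal.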
Reference:
Configuration
Identifier:
resource_limitation/graphql_recursive_fragment
Examples
All configuration available:
Compliance and Standards
| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM04:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | SC-5 |
| CWE | 770 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:R |
| CVSS Score | 6.9 |