Security Test: Recursive Fragment¶

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	Frontend Scanner

Description¶

Default Severity:

The issue happens when a query is crafted to call a GraphQL fragment recursively without proper checks, causing the system's stack to overflow. Without control measures, attackers can send these repetitive queries to overload the system, leading to a denial of service where the server might crash or be unable to handle normal requests. Developers sometimes miss validating recursion limits in queries, which leaves the application vulnerable. This can turn into a major problem if an attacker takes advantage of it, ultimately causing service disruptions or downtime.

Reference:

https://github.com/graph-gophers/graphql-go/security/advisories/GHSA-mh3m-8c74-74xh

Configuration¶

Identifier: resource_limitation/graphql_recursive_fragment

Examples¶

All configuration available:

checks:
  resource_limitation/graphql_recursive_fragment:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API8:2023
OWASP LLM Top 10	LLM04:2023
PCI DSS	`6.5.10`
GDPR	`Article-32`
SOC2	`CC1`
PSD2	`Article-95`
ISO 27001	`A.14.2`
NIST	`SP800-53`
FedRAMP	`SC-5`
CWE	`770`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:R`
CVSS Score	`6.9`