Skip to content

Security Test: Recursive Fragment

Description

Default Severity:

The issue happens when a query is crafted to call a GraphQL fragment recursively without proper checks, causing the system's stack to overflow. Without control measures, attackers can send these repetitive queries to overload the system, leading to a denial of service where the server might crash or be unable to handle normal requests. Developers sometimes miss validating recursion limits in queries, which leaves the application vulnerable. This can turn into a major problem if an attacker takes advantage of it, ultimately causing service disruptions or downtime.

Reference:

Configuration

Identifier: resource_limitation/graphql_recursive_fragment

Examples

All configuration available:

checks:
  resource_limitation/graphql_recursive_fragment:
    skip: false # default

Compliance and Standards

Standard Value
OWASP API Top 10 API8:2023
OWASP LLM Top 10 LLM04:2023
PCI DSS 6.5.10
GDPR Article-32
SOC2 CC1
PSD2 Article-95
ISO 27001 A.14.2
NIST SP800-53
FedRAMP SC-5
CWE 770
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:R
CVSS Score 6.9