Security Test: Invalid Persisted Query

Description

Default Severity:

This issue happens when a query saved for future use no longer matches the current setup on the server. If a query refers to something that doesn’t exist anymore, an attacker might intentionally trigger errors or unpredictable responses, potentially revealing sensitive details about the system or causing service disruptions. The most common mistake is not updating or cleaning up these saved queries when the underlying system changes, leaving a gap that bad actors might use to destabilize the service or probe for weaknesses.
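An added example, not from the original page or the tool it documents: a deploy-time check that walks each saved query against the current schema and reports entries that reference fields that no longer exist. The schema model, the store contents and the simplified GraphQL-style selection-set syntax (no arguments, aliases or fragments) are constructed assumptions.

```python
import re

# Constructed schema model: type -> {field: result type, or None for a scalar}.
SCHEMA = {
    "Query": {"user": "User", "orders": "Order"},
    "User": {"id": None, "email": None},
    "Order": {"id": None, "total": None},
}

# Constructed persisted-query store: id -> saved selection set.
PERSISTED = {
    "q1": "{ user { id email } }",
    "q2": "{ user { id phoneNumber } }",        # User.phoneNumber was removed
    "q3": "{ invoices { id } }",                # Query.invoices was removed
    "q4": "{ orders { id total { cents } } }",  # Order.total became a scalar
}

def _check(tokens, pos, type_name, path, errors):
    """Validate the selection set whose '{' precedes pos; return the index after its '}'."""
    fields = SCHEMA.get(type_name)  # None: parent already invalid, skip to avoid cascades
    while pos < len(tokens) and tokens[pos] != "}":
        name, pos = tokens[pos], pos + 1
        here = f"{path}.{name}"
        known = fields is not None and name in fields
        if fields is not None and not known:
            errors.append(f"{here}: field not in schema")
        child = fields[name] if known else None
        if pos < len(tokens) and tokens[pos] == "{":
            if known and child is None:
                errors.append(f"{here}: sub-selection on a scalar field")
            pos = _check(tokens, pos + 1, child, here, errors)
    return pos + 1

def validate(query):
    """Return the list of schema mismatches for one saved query."""
    tokens = re.findall(r"[A-Za-z_]\w*|[{}]", query)
    if not tokens or tokens[0] != "{":
        return ["not a selection set"]
    errors = []
    if _check(tokens, 1, "Query", "Query", errors) != len(tokens):
        errors.append("unbalanced braces")
    return errors

def find_stale(store):
    """Map each persisted-query id to its errors; valid entries are omitted."""
    return {qid: errs for qid, q in store.items() if (errs := validate(q))}

if __name__ == "__main__":
    for qid, errs in find_stale(PERSISTED).items():
        print(qid, errs)
```

Running a check like this whenever the schema changes lets stale entries be pruned or rewritten before a client can request them.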

Configuration

Identifier: schema/invalid_persisted_query

Examples

All configuration available:

checks:
  schema/invalid_persisted_query:
    skip: false # default

Compliance and Standards

| Standard | Value |
| --- | --- |
| OWASP API Top 10 | API9:2023 |
| OWASP LLM Top 10 | LLM01:2023 |
| PCI DSS | 10.2.4 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | AC-2 |
| CWE | 758 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |