Security Test: Invalid Persisted Query¶
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description¶
Default Severity:
This issue happens when a query saved for future use no longer matches the current setup on the server. If a query refers to something that doesn’t exist anymore, an attacker might intentionally trigger errors or unpredictable responses, potentially revealing sensitive details about the system or causing service disruptions. The most common mistake is not updating or cleaning up these saved queries when the underlying system changes, leaving a gap that bad actors might use to destabilize the service or probe for weaknesses.
Configuration¶
Identifier:
schema/invalid_persisted_query
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API9:2023 |
| OWASP LLM Top 10 | LLM01:2023 |
| PCI DSS | 10.2.4 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | AC-2 |
| CWE | 758 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N |