Security Test: Cyclic Recursive Query
Description
Default Severity:
When an attacker sends a query whose objects reference each other in a loop (for example, a type that selects a second type, which in turn selects the first), the size of the returned data can grow exponentially with each level of nesting. The vulnerability arises when the server does not bound these circular selections: every repeated reference resolves more data, until the response overwhelms the server's capacity. The result is a Denial of Service, leaving the API slow or completely unavailable. Many developers assume that query size is capped automatically or that such recursive queries will not occur in practice; unless limits such as a maximum query depth are explicitly configured, the system remains exposed.
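As an added example (not part of this page or the scanner's own code), a query-depth check that rejects the kind of cyclic query described above before it is executed. `MAX_DEPTH` and the sample queries are constructed assumptions; a production server would run the same rule on the parsed AST rather than on raw text.

```python
MAX_DEPTH = 5  # assumed policy value; tune to the deepest legitimate query


def selection_depth(query: str) -> int:
    """Return the deepest selection-set nesting in a GraphQL document.

    Counts braces while skipping string literals and # comments, so a
    brace inside an argument string is not mistaken for a selection set.
    Assumes the document is syntactically valid (balanced braces).
    """
    depth = max_depth = 0
    i, n = 0, len(query)
    while i < n:
        c = query[i]
        if c == "#":                              # comment runs to end of line
            while i < n and query[i] != "\n":
                i += 1
        elif c == '"':
            if query.startswith('"""', i):        # block string
                end = query.find('"""', i + 3)
                i = n if end == -1 else end + 3
            else:                                 # regular string, honour \" escapes
                i += 1
                while i < n and query[i] != '"':
                    i += 2 if query[i] == "\\" else 1
                i += 1
            continue
        elif c == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif c == "}":
            depth -= 1
        i += 1
    return max_depth


def check_query(query: str, limit: int = MAX_DEPTH) -> tuple:
    """Return (accepted, depth); a rejected query is never handed to the executor."""
    depth = selection_depth(query)
    return depth <= limit, depth


# Constructed samples: a cyclic author -> posts -> author -> ... query and a flat one
CYCLIC_QUERY = """
query Cyclic {
  author(id: "{not-a-selection}") {
    posts { author { posts { author { posts { id } } } } }
  }
}
"""
FLAT_QUERY = '{ author(id: "1") { name posts { title } } }'
```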
Configuration
Identifier:
resource_limitation/graphql_circular_introspection
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM04:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-97 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 730 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:R |
| CVSS Score | 4.4 |