GraphQL Batching

info Web App Scanning Plugin ID 114211

Synopsis

GraphQL Batching

Description

GraphQL engines sometimes support batching, i.e. combining several operations into a single HTTP request to reduce round trips between the client and the GraphQL server. When supported and enabled, the implementation should be reviewed: an attacker can pack many operations into one request, so a rate limit that is counted per HTTP request sees a single request while the server executes every operation inside it (for example hundreds of login attempts, or many calls to an expensive resolver). This can be abused to bypass application rate limits or to conduct Denial of Service (DoS) attacks. Typical mitigations are to disable batching where it is not needed, to cap the number of operations accepted per request, and to count rate limits per operation rather than per request.
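The following Python example is added here to make the description concrete; it is not code from the Tenable plugin or from any GraphQL engine. It builds an array-style batch of login attempts against a hypothetical `login` mutation (the schema is an assumption), shows what that batch looks like on the wire, and compares a rate limiter that charges one token per HTTP request with one that charges one token per operation. The `MAX_BATCH` cap is likewise an assumed value.

```python
"""Array-style GraphQL batching: many operations in one HTTP request, and why a
per-request rate limit does not stop it. Hypothetical schema, stdlib only,
no network calls are made."""
import json

# Hypothetical login mutation; this schema is assumed, not taken from a real app.
LOGIN_MUTATION = """
mutation Login($user: String!, $pass: String!) {
  login(username: $user, password: $pass) { token }
}
"""

# Assumed server-side cap on operations per request.
MAX_BATCH = 10


def build_batch(query, variable_sets):
    """Array-style batching: one JSON array of operations, sent as one POST body.
    The server runs len(variable_sets) operations for a single HTTP request."""
    return [{"query": query, "variables": v} for v in variable_sets]


def parse_request(raw_body):
    """Decode the POST body the way a GraphQL server would (object or array)."""
    return json.loads(raw_body)


def count_operations(body):
    """Number of operations in a decoded request body: 1 for a plain object,
    len(...) for a batch array."""
    if isinstance(body, list):
        return len(body)
    if isinstance(body, dict):
        return 1
    raise ValueError("unexpected GraphQL request body")


def batch_allowed(body, max_ops=MAX_BATCH):
    """Server-side guard: refuse requests carrying more than max_ops operations."""
    return count_operations(body) <= max_ops


class RateLimiter:
    """Fixed budget of tokens (no refill, enough for the comparison).
    per_operation=False charges one token per HTTP request, the naive scheme;
    per_operation=True charges one token per operation inside the request."""

    def __init__(self, budget, per_operation):
        self.budget = budget
        self.per_operation = per_operation

    def admit(self, body):
        cost = count_operations(body) if self.per_operation else 1
        if cost > self.budget:
            return False
        self.budget -= cost
        return True


def executed_attempts(limiter, bodies):
    """Total operations the server would execute for a sequence of requests."""
    return sum(count_operations(b) for b in bodies if limiter.admit(b))


if __name__ == "__main__":
    # Constructed sample input: 100 password guesses for one user.
    guesses = [{"user": "alice", "pass": f"guess{i}"} for i in range(100)]
    batch = parse_request(json.dumps(build_batch(LOGIN_MUTATION, guesses)))
    print(f"{count_operations(batch)} login attempts in one HTTP request")
    print("per-request limiter, budget 5, 5 requests ->",
          executed_attempts(RateLimiter(5, per_operation=False), [batch] * 5),
          "attempts executed")
    print("per-operation limiter, budget 5, 5 requests ->",
          executed_attempts(RateLimiter(5, per_operation=True), [batch] * 5),
          "attempts executed")
    print("batch accepted by MAX_BATCH guard:", batch_allowed(batch))
```

With a budget of five tokens the per-request limiter lets 500 login attempts through in five requests, while the per-operation limiter admits none of the 100-operation batches; the `MAX_BATCH` guard rejects the batch outright. Note that the same effect can be obtained without array batching by aliasing the same field many times inside one query document, which `count_operations` does not see; that case needs a query-complexity or alias limit applied after parsing the document.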

See Also

https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html#batching-attacks

https://graphql.org/learn/best-practices/

https://www.apollographql.com/blog/batching-client-graphql-queries

Plugin Details

Severity: Info

ID: 114211

Type: remote

Published: 2/21/2024

Updated: 2/21/2024

Scan Template: api, basic, full, pci, scan