
GraphQL Endpoint Supports Introspection

  • Risk: Informational
  • Type: Tool
Summary

The GraphQL endpoint has introspection enabled. Introspection allows clients to query the schema itself and retrieve detailed information about the types, fields, input objects and other elements supported by the endpoint. This may be valuable to an attacker, as it could enable them to craft more targeted queries.

Solution

Disable introspection on the GraphQL endpoint.
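As an added example (not part of this finding or of the scanner's own tooling): a dependency-free JavaScript check that flags GraphQL documents selecting `__schema` or `__type`, usable as a gateway-side guard or for reviewing request logs when introspection cannot be switched off in the server itself. All function and variable names, and the sample queries, are the example's own.

```javascript
// Added example, not from the scanner page: flag GraphQL documents that
// request schema introspection. Useful as a gateway guard or log-review
// helper when the server itself cannot disable introspection.
// Blank out comments and string literals first, so "__schema" inside a
// string argument (a search term, say) does not trigger a false positive.
function stripCommentsAndStrings(doc) {
  let out = '';
  let i = 0;
  while (i < doc.length) {
    if (doc[i] === '#') {                   // line comment: drop to end of line
      while (i < doc.length && doc[i] !== '\n') i++;
    } else if (doc.startsWith('"""', i)) {  // block string
      i += 3;
      while (i < doc.length && !doc.startsWith('"""', i)) i++;
      i += 3;
      out += ' ';
    } else if (doc[i] === '"') {            // plain string, honouring escapes
      i++;
      while (i < doc.length && doc[i] !== '"') i += doc[i] === '\\' ? 2 : 1;
      i++;
      out += ' ';
    } else {
      out += doc[i++];
    }
  }
  return out;
}
// GraphQL reserves names beginning with "__" for the introspection system,
// so an __schema or __type identifier outside strings and comments always
// selects introspection data. __typename is deliberately allowed: clients
// use it routinely and it discloses nothing about the schema.
const INTROSPECTION_FIELD = /(^|[^A-Za-z0-9_$])(__schema|__type)(?![A-Za-z0-9_])/;
function requestsIntrospection(doc) {
  return INTROSPECTION_FIELD.test(stripCommentsAndStrings(doc));
}

// Constructed sample requests, as a gateway log might record them.
const SAMPLE_QUERIES = [
  '{ __schema { types { name } } }',                          // introspection
  'query { t: __type(name: "User") { fields { name } } }',    // aliased introspection
  '{ user(id: 1) { id __typename } }',                        // legitimate
  '{ search(term: "__schema") { id } }  # __type in comment', // must not be flagged
];

function flaggedQueries(queries) {
  return queries.filter(requestsIntrospection);
}
```

Where the server library offers its own switch or validation rule (Apollo Server's `introspection` option, graphql-js's `NoSchemaIntrospectionCustomRule`), prefer that; this check is an edge-side fallback, not a substitute for disabling introspection at the endpoint.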

References

https://spec.graphql.org/October2021/#sec-Introspection
