GraphQL Endpoint Supports Introspection

Risk:
Informational

Type:
Tool

Summary: The GraphQL endpoint has Introspection enabled. Introspection allows clients to query the schema and retrieve detailed information about the fields, types, inputs, etc. supported by the GraphQL endpoint. This may be valuable to an attacker, as it could enable them to craft more targeted queries.

Solution: Disable Introspection on the GraphQL endpoint.

References: https://spec.graphql.org/October2021/#sec-Introspection

Free online web security scanner

Don't show website scan report rating on the leaderboard