GraphQL Endpoint Supports Introspection
- Risk: Informational
- Type: Tool
- CWE: 16
- Summary: The GraphQL endpoint has Introspection enabled. Introspection allows clients to query the schema and retrieve detailed information about the fields, types, inputs, etc. supported by the GraphQL endpoint. This may be valuable to an attacker, as it could enable them to craft more targeted queries.
- Solution: Disable Introspection on the GraphQL endpoint.
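One way to confirm the fix on an endpoint you operate, as an added example that is not part of the original alert or the scanner's own code: it sends a minimal `__schema` query and classifies the reply. The function names, the sample responses and the error message text are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

# Minimal introspection probe: asks only for the root query type name.
PROBE = {"query": "{ __schema { queryType { name } } }"}

# Constructed sample replies (not captured from a real server).
SAMPLE_ENABLED = '{"data": {"__schema": {"queryType": {"name": "Query"}}}}'
SAMPLE_DISABLED = '{"data": null, "errors": [{"message": "introspection is disabled"}]}'


def introspection_enabled(response_body: str) -> bool:
    """Return True if the response body shows the schema was disclosed."""
    try:
        doc = json.loads(response_body)
    except json.JSONDecodeError:
        return False  # non-JSON reply (e.g. a proxy block page): nothing disclosed
    if not isinstance(doc, dict):
        return False
    data = doc.get("data")
    # Enabled only when the server actually returned a __schema object;
    # a null "data" plus an "errors" array is the expected hardened reply.
    return isinstance(data, dict) and isinstance(data.get("__schema"), dict)


def check_endpoint(url: str, timeout: float = 5.0) -> bool:
    """POST the probe to an endpoint you operate and classify the reply."""
    req = urllib.request.Request(
        url,
        data=json.dumps(PROBE).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        # Many servers answer a rejected query with HTTP 400 and a JSON body.
        body = exc.read().decode("utf-8", "replace")
    return introspection_enabled(body)


if __name__ == "__main__":
    print("enabled sample :", introspection_enabled(SAMPLE_ENABLED))
    print("disabled sample:", introspection_enabled(SAMPLE_DISABLED))
```

Running `check_endpoint` against production after each deploy catches a framework default or debug setting that re-enables introspection.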