GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability - Vulnerability Database

Description

Your web application is running with GraphQL Array-based Query Batching enabled, allowing 10+ simultaneous queries in a single request. GraphQL Query Batching is a feature that permits multiple queries to be sent to the server in a single request, reducing server processing overhead. While this feature is beneficial in certain use cases, it can also be exploited by malicious actors to perform batching attacks, which involve sending a large number of GraphQL operations within a single web request.

Remediation

Limit Query Batching: Implement restrictions on the number of allowed queries in a single batch request to reduce the potential impact of a batching attack.
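One way to enforce such a limit before any operation is executed, shown as an added example that is not part of the original advisory or any specific GraphQL server. The limit of 5, the function names, and the assumption that every operation carries a `query` string (no persisted queries) are choices made for illustration.

```javascript
// Added example: framework-agnostic batch-size guard for a GraphQL HTTP endpoint.
// MAX_BATCH and all function names are assumptions, not values from the advisory.
const MAX_BATCH = 5;

// Inspect an already-parsed JSON request body and decide whether to execute it.
function checkBatch(body, maxBatch = MAX_BATCH) {
  // A single operation arrives as an object; array-based batching sends an array.
  const isBatch = Array.isArray(body);
  const operations = isBatch ? body : [body];

  if (isBatch && operations.length === 0) {
    return { ok: false, status: 400, error: 'Empty batch' };
  }
  if (operations.length > maxBatch) {
    // Reject the whole request before any operation is parsed or resolved.
    return {
      ok: false,
      status: 400,
      error: `Batch of ${operations.length} operations exceeds limit of ${maxBatch}`,
    };
  }
  // Every entry must look like a GraphQL operation: an object with a query string.
  const malformed = operations.some(
    (op) => op === null || typeof op !== 'object' || Array.isArray(op) ||
      typeof op.query !== 'string'
  );
  if (malformed) {
    return { ok: false, status: 400, error: 'Malformed operation in request' };
  }
  return { ok: true, status: 200, count: operations.length };
}

// Connect/Express-style middleware; expects req.body to be parsed JSON already.
function batchLimit(maxBatch = MAX_BATCH) {
  return function (req, res, next) {
    const verdict = checkBatch(req.body, maxBatch);
    if (!verdict.ok) {
      res.statusCode = verdict.status;
      res.setHeader('Content-Type', 'application/json');
      return res.end(JSON.stringify({ errors: [{ message: verdict.error }] }));
    }
    next();
  };
}
```

Mount the guard ahead of the GraphQL handler so an oversized batch is refused as a unit instead of being partially executed.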
