Your web application is running with GraphQL Alias Overloading enabled, allowing 100+ aliases in a single request. GraphQL aliases allow clients to perform the same query multiple times in a single request by assigning a different name to each of them. This feature can be useful for legitimate use cases but may also be exploited by attackers to perform Denial of Service (DoS) attacks on GraphQL APIs.

Allowing GraphQL Alias Overloading with hundreds of aliases in a production environment can lead to performance issues or server resource exhaustion, as attackers could craft requests that generate a large number of queries, consuming excessive server resources and potentially causing a Denial of Service. This may impact the availability and performance of the web application for legitimate users.

Limit Alias Overloading: Implement restrictions on the number of allowed aliases in a single request to reduce the potential impact of a DoS attack.

Rate Limiting: Apply rate limiting to client requests, limiting the number of requests per client in a given time frame, reducing the likelihood and impact of DoS attacks.