
GraphQL suggestions enabled

Description: GraphQL suggestions enabled

GraphQL suggestions are a feature of Apollo Server, inherited from the graphql-js reference implementation on which it is built, in which the server responds to an invalid query with a "Did you mean ...?" hint naming valid fields, arguments or types whose spelling is similar to the invalid one.

Suggestions can represent a significant security risk, as they enable attackers to glean information about a GraphQL schema even when introspection is disabled. By sending deliberately invalid queries (for example, misspelled or guessed field names) and collating the suggestions in the error responses, attackers can enumerate the names of types, fields and arguments and reconstruct much of the structure of valid queries and mutations.

Remediation: GraphQL suggestions enabled

Ensure that you have disabled suggestions, or otherwise masked the "Did you mean" text in error messages, on your GraphQL server. Where the server offers no dedicated switch, strip the suggestion text in its error-formatting hook before the response is returned to the client. Verify the fix by querying a misspelled field and confirming that the error response names no alternatives. Treat this as defence in depth: hiding suggestions does not replace disabling introspection, which should remain disabled if that was the intent.


Typical severity

Low

Type index (hex)

0x00200513

Type index (decimal)

2098451
