Internet Bug Bounty: rubygems.org Batching attack to `confirmation_token` by bypass rate limit

The following is copied from hackerone's report. https://hackerone.com/reports/1529183 --- I confirmed that EmailConfirmationsController has the same problem as https://hackerone.com/reports/449356...

GraphQL Batching Attack

There is a new attack surface when the app tech stack includes GraphQL. It's Batched Attacks on GraphQL APIs. How can these apps be protected? Read more to find out. The post GraphQL Batching Attack appeared first on Wallarm Blog...