8 matches found
Query Depth Restriction Bypass
@escape.tech/graphql-armor-max-depth is vulnerable to query depth restriction bypass. The vulnerability is due to the ignoreIntrospection option being enabled by default, which allows an attacker to bypass the max-depth restriction by naming a query or fragment schema...
Allocation Of Resources Without Limits
@escape.tech/graphql-armor-max-depth is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to improper introspection handling because when ignoreIntrospection is enabled the default, an attacker can name a query/fragment schema to evade max-depth checks and craft...
GHSA-224P-V68G-5G8F GraphQL Armor Max-Depth Plugin Bypass via fragment caching
Summary A query depth restriction using the max-depth can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details In the countDepth function, we have the following code that calculates the depth of a used fragment: typescript...
GraphQL Armor Max-Depth Plugin Bypass via fragment caching
Summary A query depth restriction using the max-depth can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details In the countDepth function, we have the following code that calculates the depth of a used fragment: typescript...
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...
GHSA-HMFR-RX46-4JX2 GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation
Summary A query depth restriction using the max-depth property can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the countDepth function, we have the following check for the ignoreIntrospection option...
Restriction Bypass
@escape.tech/graphql-armor-cost-limit is vulnerable to Restriction bypass. The vulnerability is due to the default enabling of the ignoreIntrospection setting in GraphQL servers, which fails to enforce query cost restrictions when a query or fragment is named schema, allows attackers to bypass co...
PT-2025-19360 · Npm · @Escape.Tech/Graphql-Armor-Cost-Limit
Summary A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...