Sorare: Unsufficent input verification leads to DoS and resource consumption

The vulnerability affects the API endpoint at api.sorare.com/api/v1/users/, where insufficient input verification of the email parameter was discovered. This allowed an attacker to submit an excessively long email, causing the server to become unresponsive and return a 503 Service Unavailable...

Sorare: Circular based introspetion Query leading to single request denial of service and cost consumption and query cost on api.sorare.com/graphql

The Sorare GraphQL API has an introspection feature enabled by default, which allows developers to explore the API's schema. However, due to a lack of depth limits, an attacker can execute a circular introspection query that leads to a single request denial of service, affecting both the...