Findings
Directive Overloading
Updated: June 19, 2025
Description
Severity: High
The GraphQL endpoint accepts queries that repeat the same directive an excessive number of times.
Because every directive instance must be parsed, validated and evaluated, a query that duplicates directives hundreds or thousands of times can degrade performance, consume excessive CPU and memory, and enable denial-of-service (DoS) attacks. Without a limit on duplicated directives, a malicious actor can exhaust server resources and impair the availability and responsiveness of the API.
Remediation
Implement a limit on the number of duplicated directives allowed in a GraphQL query. Update the server configuration or use query validation middleware to enforce strict thresholds on directive usage.
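The check below is an added example, not code from the original finding or from any particular GraphQL server. It shows one way to enforce the remediation before a query reaches the executor: scan the query text for directives (skipping string literals and comments so that an `@` inside a value is not miscounted), then reject the query when the total directive count or the repeat count of any single directive exceeds a threshold. The thresholds (50 directives per query, 10 repeats per directive name) and the sample queries are constructed for illustration; production deployments would tune the limits and would normally implement the same logic as a validation rule in the server's own framework rather than as a standalone scanner.

```python
"""Reject GraphQL queries that overload directives (added example, not project code)."""
import re
from collections import Counter

# Assumed thresholds; tune to the directives your schema legitimately uses.
MAX_DIRECTIVES_PER_QUERY = 50
MAX_REPEATS_PER_DIRECTIVE = 10

_NAME_RE = re.compile(r"[_A-Za-z][_0-9A-Za-z]*")


def directive_names(query: str) -> list:
    """Return the names of all directives (@name) used in the query text.

    String literals, block strings and line comments are skipped so that an
    '@' inside a value such as "a@b.com" is not counted as a directive.
    (Escaped triple quotes inside block strings are not handled; this is a
    simplified scanner, not a full GraphQL lexer.)
    """
    names = []
    i, n = 0, len(query)
    while i < n:
        c = query[i]
        if c == "#":  # line comment: skip to end of line
            while i < n and query[i] != "\n":
                i += 1
        elif query.startswith('"""', i):  # block string
            end = query.find('"""', i + 3)
            i = n if end == -1 else end + 3
        elif c == '"':  # ordinary string, honouring backslash escapes
            i += 1
            while i < n and query[i] != '"':
                if query[i] == "\\":
                    i += 1
                i += 1
            i += 1
        elif c == "@":
            m = _NAME_RE.match(query, i + 1)
            if m:
                names.append(m.group(0))
                i = m.end()
            else:
                i += 1
        else:
            i += 1
    return names


def check_directive_limits(query: str,
                           max_total: int = MAX_DIRECTIVES_PER_QUERY,
                           max_per_name: int = MAX_REPEATS_PER_DIRECTIVE):
    """Return (accepted, reason). Rejects queries that exceed either limit."""
    counts = Counter(directive_names(query))
    total = sum(counts.values())
    if total > max_total:
        return False, f"query uses {total} directives, limit is {max_total}"
    for name, count in counts.items():
        if count > max_per_name:
            return False, f"directive @{name} repeated {count} times, limit is {max_per_name}"
    return True, "ok"


# Constructed sample inputs (not from the original page).
NORMAL_QUERY = """
query GetUser($withEmail: Boolean!) {
  user(id: "1") {
    name
    email @include(if: $withEmail)
  }
}
"""
OVERLOADED_QUERY = 'query { user(id: "1") { name ' + "@include(if: true) " * 200 + "} }"

if __name__ == "__main__":
    for label, q in (("normal", NORMAL_QUERY), ("overloaded", OVERLOADED_QUERY)):
        accepted, reason = check_directive_limits(q)
        print(f"{label}: {'accepted' if accepted else 'rejected'} ({reason})")
```

In a graphql-js based server the same logic belongs in a custom validation rule that visits `Directive` nodes, run alongside the built-in `UniqueDirectivesPerLocationRule` (which only covers non-repeatable directives at a single location, so it does not by itself cap the total number of directives in a query). Log rejections with the client identity and the offending count so that repeated overloading attempts are visible to monitoring.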