Findings

Field Duplication

Updated: June 19, 2025

Description

Severity: High

The GraphQL endpoint permits queries containing excessive duplication of the same field, up to 500 repetitions of one field in a single query.

This behavior can lead to unnecessary resource consumption, server performance degradation, and potential exploitation by malicious actors to cause denial-of-service (DoS) attacks.

Example Attack

An attacker sends a query with 500 duplicated fields in an attempt to overload the GraphQL server. Each duplicate field forces the server to process the same data multiple times, potentially consuming significant CPU and memory resources. If this query is allowed, it could cause the server to slow down or even crash, resulting in a denial-of-service (DoS) attack.

Remediation

Ensure that the GraphQL API limits the number of duplicated fields in a query.
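The following is an added example, not part of the original finding or of any particular GraphQL server: a dependency-free Python validator that tokenizes a GraphQL document, counts how often each field is requested within each selection set, and rejects the query before execution when any field exceeds a configurable limit. It illustrates both the 500-duplicate query from the Example Attack section and the remediation described above. The limit value `MAX_FIELD_REPETITIONS`, the function names and the sample queries are assumptions made for this example; in a real deployment the same check would be wired into the server's validation phase, ahead of resolver execution.

```python
import re
from collections import Counter

# Lexical pieces of the GraphQL grammar needed here: names, numbers, strings, punctuators.
NAME_RE = re.compile(r"[_A-Za-z][_0-9A-Za-z]*")
NUMBER_RE = re.compile(r"-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?")
PUNCTUATORS = set("{}()[]:!@$=|&")

# Hypothetical policy value: how many times one field may appear in one selection set.
MAX_FIELD_REPETITIONS = 5


def tokenize(query):
    """Yield (kind, text) tokens; kind is 'name', 'number', 'string' or 'punct'."""
    i, n = 0, len(query)
    while i < n:
        c = query[i]
        if c in " \t\r\n,\ufeff":          # whitespace and commas are insignificant
            i += 1
        elif c == "#":                     # comment runs to end of line
            while i < n and query[i] not in "\r\n":
                i += 1
        elif query.startswith('"""', i):   # block string
            end = query.find('"""', i + 3)
            if end == -1:
                raise ValueError("unterminated block string")
            yield ("string", query[i:end + 3])
            i = end + 3
        elif c == '"':                     # ordinary string, honouring backslash escapes
            j = i + 1
            while j < n and query[j] != '"':
                j += 2 if query[j] == "\\" else 1
            if j >= n:
                raise ValueError("unterminated string")
            yield ("string", query[i:j + 1])
            i = j + 1
        elif query.startswith("...", i):
            yield ("punct", "...")
            i += 3
        elif c in PUNCTUATORS:
            yield ("punct", c)
            i += 1
        else:
            m = NAME_RE.match(query, i) or NUMBER_RE.match(query, i)
            if not m:
                raise ValueError(f"unexpected character {c!r} at offset {i}")
            yield ("name" if m.re is NAME_RE else "number", m.group())
            i = m.end()


def field_counts_per_selection_set(query):
    """Return one Counter per selection set, keyed by the resolved field name.

    Aliases are deliberately ignored: `a: user` and `b: user` both invoke the
    `user` resolver, which is what matters for resource consumption."""
    tokens = list(tokenize(query))
    stack, finished, paren_depth = [], [], 0
    for i, (kind, text) in enumerate(tokens):
        prev = tokens[i - 1][1] if i else None
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if kind == "punct":
            if text == "(":
                paren_depth += 1
            elif text == ")":
                paren_depth -= 1
            elif text == "{" and paren_depth == 0:   # a new selection set opens
                stack.append(Counter())
            elif text == "}" and paren_depth == 0:
                if not stack:
                    raise ValueError("unbalanced '}'")
                finished.append(stack.pop())
        elif kind == "name" and stack and paren_depth == 0:
            if prev in ("@", "...", "$"):            # directive, fragment spread, variable
                continue
            if prev == "on" and i >= 2 and tokens[i - 2][1] == "...":
                continue                             # inline fragment type condition
            if nxt == ("punct", ":"):
                continue                             # alias; the real field name follows
            stack[-1][text] += 1
    if stack or paren_depth:
        raise ValueError("unbalanced braces or parentheses")
    return finished


def max_field_repetition(query):
    """Largest number of times any single field appears in one selection set."""
    return max((max(c.values()) for c in field_counts_per_selection_set(query) if c), default=0)


def validate_query(query, limit=MAX_FIELD_REPETITIONS):
    """Return (accepted, reason); reject before execution when a field exceeds `limit`."""
    for counts in field_counts_per_selection_set(query):
        for field, n in counts.items():
            if n > limit:
                return False, f"field '{field}' repeated {n} times (limit {limit})"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs: an ordinary query and the 500-duplicate query from the finding.
    normal = "query Q($x: Boolean!) { user(id: 1) @include(if: $x) { id name } }"
    attack = "{ " + "viewer { id } " * 500 + "}"
    for q in (normal, attack):
        print(max_field_repetition(q), validate_query(q))
```

The check counts by resolver rather than by response key, so aliasing the same field under different names does not evade it; a limit enforced this way is cheap because it runs over the token stream before any resolver executes.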
