Unresolvable references

Updated: June 19, 2025

Description

Severity: Info

The document contains references ($ref values) that cannot be resolved programmatically.

These unresolved references may point to non-existent schemas, improperly defined paths, or external resources that are inaccessible or incorrect. Unresolvable references can lead to incomplete API documentation, invalid schemas, and potential errors during validation or execution. In API security and development, unresolved references can create barriers to understanding the API structure and can result in misconfigurations or vulnerabilities.

Example Attack

An API schema includes an unresolved reference ($ref) for input validation in a sensitive endpoint. For example, the POST /users endpoint refers to a missing User schema. The lack of validation caused by this unresolved reference allows an attacker to send malformed or malicious data (e.g., oversized payloads or script injections), potentially compromising the API's security and stability.

Remediation

Ensure that all $ref values are resolvable and locatable within the document. FireTail does not support references to remote documents or circular references.
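
One way to run this check before uploading a specification, as an added example that is not FireTail's own code: it walks a parsed OpenAPI document and flags each $ref that is remote, points at nothing, or leads back to itself. The function names and the sample document are assumptions made for illustration.

```python
# Added example; function names are illustrative, not a FireTail API.
def find_refs(node, path="#"):
    """Yield (location, target) for every $ref string under node."""
    children = node.items() if isinstance(node, dict) else (
        enumerate(node) if isinstance(node, list) else ())
    for key, value in children:
        if key == "$ref" and isinstance(value, str):
            yield path, value
        escaped = str(key).replace("~", "~0").replace("/", "~1")
        yield from find_refs(value, f"{path}/{escaped}")

def resolve(doc, ref):
    """Follow a local JSON Pointer ('#/a/b'); raise LookupError if it is absent."""
    node = doc
    for raw in ([] if ref == "#" else ref[2:].split("/")):
        token = raw.replace("~1", "/").replace("~0", "~")
        try:
            node = node[int(token)] if isinstance(node, list) else node[token]
        except (KeyError, IndexError, ValueError, TypeError):
            raise LookupError(ref) from None
    return node

def classify(doc, ref):
    """Return 'remote', 'unresolvable', 'circular', or None for a usable local ref."""
    if not ref.startswith("#"):
        return "remote"
    stack, seen = [ref], {ref}
    while stack:
        try:
            node = resolve(doc, stack.pop())
        except LookupError:
            return "unresolvable"
        for _, nxt in find_refs(node):  # refs nested inside the target
            if nxt == ref:
                return "circular"
            if nxt.startswith("#") and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)

def check_refs(doc):
    """Map the location of each problematic $ref to its problem."""
    found = ((loc, classify(doc, ref)) for loc, ref in find_refs(doc))
    return {loc: problem for loc, problem in found if problem}

SAMPLE = {  # constructed OpenAPI fragment; the User schema is deliberately missing
    "paths": {"/users": {"post": {"requestBody": {"content": {"application/json": {
        "schema": {"$ref": "#/components/schemas/User"}}}}}}},
    "components": {"schemas": {
        "Wrapped": {"$ref": "#/components/schemas/Error"}, "Error": {"type": "object"},
        "Remote": {"$ref": "https://example.com/schemas.yaml#/Pet"},
        "Node": {"properties": {"next": {"$ref": "#/components/schemas/Node"}}}}}}
```

Calling check_refs(SAMPLE) reports the POST /users request schema as unresolvable, the Remote schema as remote, and the Node schema's self-reference as circular; the Wrapped schema resolves cleanly and is not reported.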
