| Details | |
|---|---|
| Alert ID | 50007-1 |
| Alert Type | Tool |
| Status | alpha |
| Risk | Informational |
| CWE | 16 |
| WASC | 15 |
| Technologies Targeted | All |
| Tags |
CWE-16 OWASP_2017_A06 OWASP_2021_A05 |
| More Info |
Scan Rule Help |
Summary
The GraphQL endpoint has Introspection enabled. Introspection allows clients to query the schema and retrieve detailed information about the fields, types, inputs, etc. supported by the GraphQL endpoint. This may be valuable to an attacker, as it could enable them to craft more targeted queries.