GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability
Severity:
Medium
Summary
Your web application's GraphQL implementation accepts non-JSON queries over GET requests, increasing the risk of Cross-Site Request Forgery (CSRF) attacks. While JSON-based POST requests are generally considered resistant to CSRF, non-JSON GET requests are more susceptible to this type of attacks.
Impact
A successful CSRF attack could result in unauthorized actions being performed on behalf of authenticated users, potentially leading to data manipulation, unauthorized access, or unintended changes to the application state. This can compromise the integrity and security of your web application and may lead to unauthorized disclosure or loss of sensitive information.
Remediation
Restrict GraphQL queries to JSON-based POST requests to limit the CSRF attack surface.
Required Skills for Successful Exploitation
Actions To Take
Classifications
Vulnerability Index
You can search and find all vulnerabilities
Select Category
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Featured resources
Build your resistance to threats. And save hundreds of hours each month.
