GraphQL Exposure
A GraphQL endpoint was discovered.
- graphql
- endpoint
- exposure
GraphQL is an open source query language developed by Facebook. It allows you to work with your data in a new and efficient way. It helps developers build applications with a focus on data consistency. GraphQL is a specification. Facebook released it as an open source project in 2015.
Impact
Insecure GraphQL endpoints may enable unauthorised access to sensitive data and application features.
Solution
If the GraphQL endpoint is not in use, ensure that it is removed or only available to authorised users.
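One way to apply this at the application layer, as an added example that is not part of the original finding: a WSGI middleware that answers 404 when the GraphQL endpoint is switched off and 401 unless a known bearer token is presented. The class name, the /graphql path, the static token list and the stand-in application are assumptions for illustration.

```python
import hmac
from wsgiref.util import setup_testing_defaults

class GraphQLGate:
    """WSGI middleware: 404 when GraphQL is unused, otherwise require a bearer token."""
    def __init__(self, app, paths=("/graphql",), enabled=True, tokens=()):
        self.app = app
        self.paths = tuple(p.rstrip("/").lower() for p in paths)  # assumed path(s)
        self.enabled = enabled
        self.tokens = [t.encode() for t in tokens]  # stand-in for a real session/JWT check

    def _is_graphql(self, path):
        path = path.rstrip("/").lower()  # so /GraphQL/ is gated as well
        return any(path == p or path.startswith(p + "/") for p in self.paths)

    def _authorised(self, environ):
        scheme, _, presented = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        presented = presented.strip().encode()
        if scheme.lower() != "bearer" or not presented:
            return False
        # The list is built in full, so every token gets a constant-time comparison.
        return any([hmac.compare_digest(presented, t) for t in self.tokens])

    def __call__(self, environ, start_response):
        if not self._is_graphql(environ.get("PATH_INFO", "")):
            return self.app(environ, start_response)
        if not self.enabled:  # endpoint not in use: behave as if it does not exist
            return self._reply(start_response, "404 Not Found", b"not found")
        if not self._authorised(environ):
            return self._reply(start_response, "401 Unauthorized",
                               b"authentication required", [("WWW-Authenticate", "Bearer")])
        return self.app(environ, start_response)

    def _reply(self, start_response, status, body, extra=()):
        start_response(status, [("Content-Type", "text/plain"), *extra])
        return [body]

def demo_app(environ, start_response):  # hypothetical stand-in for the real application
    body = b'{"data":{}}'
    start_response("200 OK", [("Content-Type", "application/json")])
    return [body]

def status_for(app, path, token=None):
    environ = {"PATH_INFO": path}  # constructed request, no network involved
    setup_testing_defaults(environ)
    if token is not None:
        environ["HTTP_AUTHORIZATION"] = "Bearer " + token
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Calling status_for(GraphQLGate(demo_app, tokens=["constructed-token"]), "/graphql") shows the response an unauthenticated client would receive.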