Be careful when using a library to parse GraphQL.
Description
If you’re not sure, test it!
2. The double (quintuple) declaration problem
The second most common vulnerability in GraphQL is the double (quintuple) declaration problem. When we query for something like this:
{ me { name } } #=> SELECT "me".* FROM "users" WHERE ("users"."id" = $1 [["id", 1]]) AS users_1; # ..
https://t.co/LtcH3YvUYV
References