This means that there are still some edge cases in the specification that haven’t been fully explored. It also means that we’re facing an uphill battle when trying to secure GraphQL against attacks.

2. The “double declaration” problem#
The double declaration problem is one of the most common vulnerabilities in GraphQL applications today: You have 2 or more resolvers for the same field name (e.g.: user ). If you call this field from your client-side application, both resolvers will be triggered with different arguments and return different data without any validation on their output
https://t.co/VoA6wXW431