GraphQL Cross-Site Request Forgery
Discription

GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. GraphQL servers often allow other `Content-Type` header values than `application/json`, and GET based requests for both queries and mutations. By leveraging this, an attacker could achieve a Cross-Site Request Forgery (CSRF) attack and make an authenticated user perform arbitrary actions on the target GraphQL endpoint.Read More

Back to Main

Subscribe for the latest news: