Denial of Service :: Circular Fragment


Problem Statement

The GraphQL API allows creating circular fragments, such that two fragments are cross-referencing eachother. When a Spread Operator (...) references a fragment, which in return references a 2nd fragment that leads to the former fragment, may cause a recursive loop and crash the server.

Resources
Exploitation Solution