GHSA-733V-P3H5-QPQ7
Vulnerability from github – Published: 2025-04-25 15:14 – Updated: 2025-04-29 16:45Summary
A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled (which is the default configuration) by naming your query/fragment __schema.
Details
At the start of the computeComplexity function, we have the following check for ignoreIntrospection option:
if (this.config.ignoreIntrospection && 'name' in node && node.name?.value === '__schema') {
return 0;
}
However, the node can be FieldNode | FragmentDefinitionNode | InlineFragmentNode | OperationDefinitionNode | FragmentSpreadNode
So, for example, sending the following query
query hello {
books {
title
}
}
would create an OperationDefinitionNode with node.name.value == 'hello'
The proper way to handle this would be to check for the __schema field, which would create a FieldNode.
The fix is
if (
this.config.ignoreIntrospection &&
'name' in node &&
node.name?.value === '__schema' &&
node.kind === Kind.FIELD
) {
return 0;
}
to assert that the node must be a FieldNode
PoC
query {
...__schema
}
fragment __schema on Query {
books {
title
author
}
}
query __schema {
books {
title
author
}
}
Impact
Applications using GraphQL Armor Cost Limit plugin with ignoreIntrospection enabled.
Fix:
Fixed on 772. A quick patch would be to set ignoreIntrospection to false.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@escape.tech/graphql-armor-cost-limit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-25T15:14:36Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nA query cost restriction using the `cost-limit` can be bypassed if `ignoreIntrospection` is enabled (which is the default configuration) by naming your query/fragment `__schema`.\n\n### Details\nAt the start of the `computeComplexity` function, we have the following check for `ignoreIntrospection` option:\n\n```ts\n if (this.config.ignoreIntrospection \u0026\u0026 \u0027name\u0027 in node \u0026\u0026 node.name?.value === \u0027__schema\u0027) {\n return 0;\n }\n```\n\nHowever, the `node` can be `FieldNode | FragmentDefinitionNode | InlineFragmentNode | OperationDefinitionNode | FragmentSpreadNode`\n\nSo, for example, sending the following query\n\n```gql\nquery hello {\n books {\n title\n }\n}\n```\n\nwould create an `OperationDefinitionNode` with `node.name.value == \u0027hello\u0027`\n\nThe proper way to handle this would be to check for the `__schema` field, which would create a `FieldNode`.\n\nThe fix is\n\n```ts\n if (\n this.config.ignoreIntrospection \u0026\u0026\n \u0027name\u0027 in node \u0026\u0026\n node.name?.value === \u0027__schema\u0027 \u0026\u0026\n node.kind === Kind.FIELD\n ) {\n return 0;\n }\n```\n\nto assert that the node must be a `FieldNode`\n\n### PoC\n```gql\nquery {\n ...__schema\n}\n\nfragment __schema on Query {\n books {\n title\n author\n }\n}\n```\n\n```gql\nquery __schema {\n books {\n title\n author\n }\n}\n```\n\n### Impact\nApplications using GraphQL Armor Cost Limit plugin with `ignoreIntrospection` enabled.\n\n### Fix:\nFixed on [772](https://github.com/Escape-Technologies/graphql-armor/pull/772). A quick patch would be to set `ignoreIntrospection` to false.",
"id": "GHSA-733v-p3h5-qpq7",
"modified": "2025-04-29T16:45:56Z",
"published": "2025-04-25T15:14:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Escape-Technologies/graphql-armor/security/advisories/GHSA-733v-p3h5-qpq7"
},
{
"type": "WEB",
"url": "https://github.com/Escape-Technologies/graphql-armor/pull/772"
},
{
"type": "WEB",
"url": "https://github.com/Escape-Technologies/graphql-armor/commit/5a329541cf32a359ee1f69748738f91231b26eba"
},
{
"type": "PACKAGE",
"url": "https://github.com/Escape-Technologies/graphql-armor"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.