Denial of Service (DoS) attacks in GraphQL APIs are nothing new. It turns out that when you let clients control what data they want to receive from the server, malicious users try to abuse this flexibility to exhaust resources. Who

It seems like developers working on REST APIs have finally come to terms with the dangers of verbose error messages, but GraphQL developers are still learning what happens when their API schema is left unprotected. In March 2022, CVE-2021-4191 disclosed

Every several years, a boring old problem becomes relevant again, typically because those who develop new technologies fail to learn lessons from the mistakes of those who developed old ones. This is apparently the case with Cross-Site Request Forgery (CSRF)