Asantof

**Name of the Vulnerable Software and Affected Versions** Directus versions prior to 10.12.0 **Description** A denial of service (DoS) attack by field duplication in GraphQL is possible, where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and consume excessive resources, leading to a denial of service for legitimate users. Requests to the endpoint "/graphql" are sent when visualizing graphs generated at a dashboard. By modifying the data sent and duplicating many times the fields, a DoS attack is possible. The `max` field and `id` field are specifically vulnerable to this type of attack. **Recommendations** For versions prior to 10.12.0, update to version 10.12.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the "/graphql" endpoint or limiting the number of repeated fields in a single query to minimize the risk of exploitation.