Easy Denial of Service through GraphQL!
HackerOne report #1770304 by mrhacker404
on 2022-11-10:
Report
Hello team, this report is just like my old report (#1765576). Feel free to make this N/A too! Even if you will fix the issue like the old report without even a thanks!
Anyway, I will give the request, including the path to reproduce, or just fix it, because it's so easy to crash the server and make it go down from here x)
I will upload a recording explaining it from A to Z.
Public website checkers used in my recording:
https://www.isitdownrightnow.com/customers.gitlab.com.html
https://www.websiteplanet.com/webtools/down-or-not/result/?dorn=Customers.gitlab.com
https://downforeveryoneorjustme.com/customers.gitlab.com
Same checkers as the old report, but the triager said it's a self-DoS ^^. I'm pretty sure he didn't even check my PoCs or my recording :)
- Path used: https://customers.gitlab.com/graphql
- The POST request will be uploaded as an attachment. I used OWASP ZAP in the recording; you can use Burp Suite Intruder.
Impact
Can make the server go down at any time, and it can't come back up until the attack is stopped.
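The report describes flooding the GraphQL endpoint with repeated POST requests from an intruder-style tool. From the defender's side, the simplest signal for that is a burst of POSTs to the endpoint path from a single client. The following is an added detection example, not part of the report or of GitLab's own tooling: it parses Common-Log-Format-style access-log lines (the log format, the `/graphql` path filter, and the threshold of more than 20 POSTs within a 10-second window are all assumptions chosen for illustration) and flags clients that exceed the threshold using a per-client sliding window. The sample log lines are constructed inline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed access-log layout: Common Log Format with a trailing byte count.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # ignore any query string
        "status": int(m["status"]),
    }


def detect_graphql_bursts(lines, path="/graphql", threshold=20, window_s=10):
    """Return a sorted list of (ip, peak_count) for clients that sent more than
    `threshold` POSTs to `path` within any `window_s`-second sliding window.
    Lines must be in chronological order per client, as a server log is."""
    windows = defaultdict(deque)  # ip -> timestamps of recent matching POSTs
    alerted = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != path:
            continue
        q = windows[rec["ip"]]
        q.append(rec["ts"])
        # Drop timestamps that have fallen out of the window.
        while (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > threshold:
            alerted[rec["ip"]] = max(alerted.get(rec["ip"], 0), len(q))
    return sorted(alerted.items())


# --- Constructed sample data (hypothetical; not from the report) ------------
def _line(ip, sec, method="POST", path="/graphql", status=200):
    return (f'{ip} - - [10/Nov/2022:12:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512')


SAMPLE_LOG = (
    [_line("10.0.0.5", s // 10) for s in range(30)]      # 30 POSTs within 3 s
    + [_line("192.0.2.10", s * 7) for s in range(3)]     # 3 POSTs over 14 s
    + [_line("192.0.2.10", 5, method="GET", path="/")]   # unrelated request
)


if __name__ == "__main__":
    for ip, count in detect_graphql_bursts(SAMPLE_LOG):
        print(f"burst: {ip} sent {count} POSTs to /graphql within 10 s")
```

With the constructed input, only `10.0.0.5` is reported (30 requests in the window); the client sending three requests over fourteen seconds stays below the threshold. In production the threshold should be tuned against the endpoint's legitimate request rate, and the same window logic can be keyed on an authenticated user id instead of the source IP when clients sit behind shared NAT.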
Attachments