1The Recursive Query
Because GraphQL is a graph, relationships go both ways. A hacker can send: query { user { posts { author { posts { author { posts } } } } } }. This infinite recursion will crash your server instantly. You MUST configure Apollo Server with a 'Depth Limit' validation rule (usually max depth of 5 or 6) to reject these malicious payloads.
