Vulnerability: Prisma defaults to num_cpus * 2 + 1 connections. In a container with 1 vCPU, that's only 3 connections. Under sustained load, this is easily exhausted.
Exploit scenario: An attacker sends bursts of requests just under the rate limit (1000/15min = ~1.1/sec). With only 3 pool connections and no statement timeout, even moderate query latency causes queuing and eventual timeouts.
Impact: API becomes unresponsive under moderate load.
Suggested fix: Set pool size explicitly via the connection URL: postgresql://...?connection_limit=20
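One way to enforce the suggested fix at startup, as an added example that is not part of the original report or of Prisma's own code: it computes the pool size a connection URL will produce from the default formula quoted above and pins `connection_limit` when it is missing. The helper names, the sample URL and its credentials are constructed for illustration.

```javascript
// Added example; helper names and SAMPLE_URL are hypothetical, not from the report.
const SAMPLE_URL =
  "postgresql://app:example@db.example.internal:5432/shop?schema=public"; // constructed

// Default pool size as stated in the report: num_cpus * 2 + 1.
function defaultPoolSize(cpuCount) {
  return cpuCount * 2 + 1;
}

// Pool size this URL results in on a host that exposes `cpuCount` CPUs.
function effectivePoolSize(databaseUrl, cpuCount) {
  const raw = new URL(databaseUrl).searchParams.get("connection_limit");
  if (raw === null) {
    return { size: defaultPoolSize(cpuCount), explicit: false };
  }
  const size = Number.parseInt(raw, 10);
  // Reject values such as "20abc", "0" or "-1" instead of silently accepting them.
  if (!Number.isInteger(size) || size < 1 || String(size) !== raw) {
    throw new Error(`invalid connection_limit: ${raw}`);
  }
  return { size, explicit: true };
}

// Return the URL with connection_limit set; an existing explicit value is kept.
function withConnectionLimit(databaseUrl, limit) {
  if (!Number.isInteger(limit) || limit < 1) {
    throw new RangeError("limit must be a positive integer");
  }
  const url = new URL(databaseUrl);
  if (!url.searchParams.has("connection_limit")) {
    url.searchParams.set("connection_limit", String(limit));
  }
  return url.toString();
}

// Startup guard: fail fast when the pool would be smaller than `minimum`.
function assertPoolAtLeast(databaseUrl, cpuCount, minimum) {
  const { size, explicit } = effectivePoolSize(databaseUrl, cpuCount);
  if (size < minimum) {
    const source = explicit ? "connection_limit" : "CPU-derived default";
    throw new Error(`pool size ${size} (${source}) is below ${minimum}`);
  }
  return size;
}

// 1 vCPU container, no explicit limit: 3 connections, as in the report.
console.log(effectivePoolSize(SAMPLE_URL, 1));
console.log(assertPoolAtLeast(withConnectionLimit(SAMPLE_URL, 20), 1, 10));
```

The pinned URL is what would be passed to the client as its datasource URL; the value 20 is the one the report suggests and still has to fit within the database server's own connection cap across all replicas.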