These unresolved references may point to non-existent schemas, improperly defined paths, or external resources that are inaccessible or incorrect. Unresolvable references can lead to incomplete API documentation, invalid schemas, and potential errors during validation or execution. In API security and development, unresolved references can create barriers to understanding the API structure and can result in misconfigurations or vulnerabilities.
An API schema includes an unresolved reference ($ref) for input validation in a sensitive endpoint. For example, the POST /users endpoint refers to a missing User schema. The lack of validation caused by this unresolved reference allows an attacker to send malformed or malicious data (e.g., oversized payloads or script injections), potentially compromising the API's security and stability.
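One way to catch the missing User schema before deployment is to walk the specification and try to resolve every local $ref. This is an added example, not code from the original page; the function names and the SPEC document are constructed for illustration, and external references are only reported, not fetched.

```python
from urllib.parse import unquote

def resolve_pointer(doc, pointer):
    """Follow an RFC 6901 JSON pointer inside doc; raises KeyError/IndexError if dangling."""
    if pointer == "":
        return doc
    if not pointer.startswith("/"):
        raise KeyError(pointer)
    node = doc
    for raw in pointer[1:].split("/"):
        token = unquote(raw).replace("~1", "/").replace("~0", "~")
        if isinstance(node, dict):
            node = node[token]
        elif isinstance(node, list) and token.isdigit():
            node = node[int(token)]
        else:
            raise KeyError(token)
    return node

def find_unresolved_refs(doc):
    """Return (location, ref, reason) for each $ref that does not resolve in doc."""
    findings = []
    def walk(node, path):
        if isinstance(node, dict):
            ref = node.get("$ref")
            if isinstance(ref, str) and not ref.startswith("#"):
                findings.append((path, ref, "external, not checked"))
            elif isinstance(ref, str):
                try:
                    resolve_pointer(doc, ref[1:])
                except (KeyError, IndexError):
                    findings.append((path, ref, "target missing"))
            for key, value in node.items():
                escaped = str(key).replace("~", "~0").replace("/", "~1")
                walk(value, f"{path}/{escaped}")
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}/{i}")
    walk(doc, "#")
    return findings

# Constructed sample: POST /users points at a User schema that is never defined.
SPEC = {
    "openapi": "3.0.3",
    "paths": {"/users": {"post": {"requestBody": {"content": {"application/json": {
        "schema": {"$ref": "#/components/schemas/User"}}}}}}},
    "components": {"schemas": {"UserId": {"type": "string"}}},
}
for location, ref, reason in find_unresolved_refs(SPEC):
    print(f"{location}: {ref} ({reason})")
```

Run as a build or CI step, a non-empty result from find_unresolved_refs can fail the pipeline so that an endpoint never ships with its request validation silently absent.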