The application contains a vulnerability that allows an attacker to consume excessive resources (CPU, memory, disk, network) through crafted requests, degrading or denying service to legitimate users.
An attacker could render the application unavailable to legitimate users, cause financial losses from downtime, or use resource exhaustion as a distraction while conducting other attacks.
Implement request rate limiting and throttling. Set appropriate timeouts for all operations. Implement pagination for large data sets. Use a CDN and DDoS protection services. Design for horizontal scalability. Validate input sizes and complexity.
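The following is an added example, not part of the original finding: a sketch of three of these controls (per-client rate limiting, input size validation, bounded pagination) applied as an admission check before any expensive work runs. The limits, the `admit` function and its status-code mapping are assumptions chosen for illustration.

```python
import time

MAX_BODY_BYTES = 64 * 1024   # assumed cap on declared request body size
MAX_PAGE_SIZE = 100          # assumed upper bound on items per page
DEFAULT_PAGE_SIZE = 20       # assumed default when the parameter is unusable


class TokenBucket:
    """Per-client token bucket: `rate` tokens per second, burst up to `capacity`."""

    def __init__(self, rate, capacity, clock=time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        # client_id -> (tokens, last_seen). A deployment must evict idle
        # entries, or this map becomes a memory-exhaustion vector itself.
        self.buckets = {}

    def allow(self, client_id):
        now = self.clock()
        tokens, last = self.buckets.get(client_id, (self.capacity, now))
        # Refill for the elapsed time, never beyond the burst capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[client_id] = (tokens - 1 if allowed else tokens, now)
        return allowed


def clamp_page_size(raw):
    """Parse a client-supplied page size and bound it to [1, MAX_PAGE_SIZE]."""
    try:
        n = int(raw)
    except (TypeError, ValueError):
        return DEFAULT_PAGE_SIZE
    return max(1, min(n, MAX_PAGE_SIZE))


def admit(limiter, client_id, content_length, page_size):
    """Return (HTTP status, effective page size) for one incoming request."""
    if not limiter.allow(client_id):
        return 429, None   # Too Many Requests
    # The declared length is checked here; the server must also stop
    # reading at the cap, since the header can be absent or wrong.
    if content_length > MAX_BODY_BYTES:
        return 413, None   # Payload Too Large
    return 200, clamp_page_size(page_size)
```

Rejected requests still consume a token, so a client that keeps sending oversized bodies is throttled like any other.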