ZAP scanner has found this issue in multiple URLs (interestingly in CSS files too, related #6911 (comment))

I have tried changing this random blob value to massive figures but the response time is not very different, also the application is responding normally, some of the URLs are images/css/js as already mentioned while others are GET requests with params but I dont think so there's any SQLi

Closing as duplicate of #8112, specifically #8112 (comment)

Whether or not they are static is not the problem, the problem is that the current time based tests are not reliable (and what the linked comment aims to address).

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.