Headline

GHSA-3fhq-72hw-jqwv: rdiffweb's lack of token name length limit can result in DoS or memory corruption

rdiffweb prior to 2.5.0a3 is vulnerable to Allocation of Resources Without Limits or Throttling. A lack of limit in the length of the Token name parameter can result in denial of service or memory corruption. Version 2.5.0a3 fixes this issue.

2 years ago

ghsa

Open in Source

#web #dos #git

GitHub Advisory Database
GitHub Reviewed
CVE-2022-3371

rdiffweb’s lack of token name length limit can result in DoS or memory corruption

High severity GitHub Reviewed Published Oct 1, 2022 • Updated Oct 3, 2022

Package

pip rdiffweb (pip)

Affected versions

< 2.5.0a3

Description

Related news

CVE-2022-3371

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.

2 years ago

CVE

Open in Source

#web #git

ghsa: Latest News

GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

35 minutes ago

ghsa

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

2 hours ago

ghsa

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

3 hours ago

ghsa

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

5 hours ago

ghsa

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

5 hours ago

ghsa