Headline
GHSA-7fgc-89cx-w8j5: Out of memory error when submitting the dataset form with a specially-crafted field
Impact
When submitting a POST request to the /dataset/new endpoint (including either the auth cookie or the Authorization header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server.
To trigger this error the user needs to have permissions to create or edit datasets.
Patches
This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.
CVE ID: CVE-2023-50248
Moderate severity • GitHub Reviewed • Published Dec 13, 2023 in ckan/ckan • Updated Dec 13, 2023
Affected versions
>= 2.0, < 2.9.10
>= 2.10.0, < 2.10.3
Patched versions
2.9.10
2.10.3
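A version check a maintainer could run over an inventory of CKAN instances, using the affected and patched ranges listed above. This is an added example, not code from the advisory or the CKAN project; the host names and version strings in the sample inventory are constructed, and treating any pre-release suffix as older than the final release is an assumption.

```python
import re

# Ranges copied from the advisory: (inclusive lower bound, first patched release).
AFFECTED_RANGES = [("2.0", "2.9.10"), ("2.10.0", "2.10.3")]

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")


def parse_version(text):
    """Return (numeric components padded to three, 1 for a final release else 0)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = [int(part) for part in match.group(1).split(".")]
    numbers += [0] * (3 - len(numbers))
    # Assumption: any suffix ("a", "b1", ".dev0") marks a pre-release, which
    # sorts before the final release carrying the same numbers.
    return tuple(numbers), 0 if match.group(2) else 1


def is_affected(version):
    """True when the version falls inside one of the advisory's ranges."""
    numbers, is_final = parse_version(version)
    for lower, patched in AFFECTED_RANGES:
        low_numbers, _ = parse_version(lower)
        # The lower bound compares numbers only, so a pre-release of the
        # first affected version is conservatively reported as affected.
        if numbers >= low_numbers and (numbers, is_final) < parse_version(patched):
            return True
    return False


def audit(inventory):
    """Map each host to 'affected', 'ok', or 'unknown' (unparseable version)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "affected" if is_affected(version) else "ok"
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed inventory for illustration; not real hosts.
SAMPLE_INVENTORY = {
    "portal-a": "2.9.9", "portal-b": "2.9.10", "portal-c": "2.10.1",
    "portal-d": "2.10.3", "portal-e": "2.10.3b1", "portal-f": "not-reported",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Hosts reported as "unknown" need a manual check, since a version that cannot be parsed cannot be cleared.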
References
- GHSA-7fgc-89cx-w8j5
- https://nvd.nist.gov/vuln/detail/CVE-2023-50248
- ckan/ckan@bd02018
Published to the GitHub Advisory Database: Dec 13, 2023
Last updated: Dec 13, 2023