Headline
GHSA-75r6-6jg8-pfcq: octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Impact
This vulnerability can spike the resource utilization of the STS service and, combined with a significant traffic volume, could potentially lead to a denial of service.
Patches
This vulnerability existed in the repository at HEAD; we will cut a 0.1.0 release with the fix.
Workarounds
None
References
None
- CVE-2024-34079
Low severity GitHub Reviewed Published May 10, 2024 in octo-sts/app • Updated May 13, 2024
Package
gomod github.com/octo-sts/app (Go)
Affected versions
< 0.1.0
References
- GHSA-75r6-6jg8-pfcq
- octo-sts/app@74ba874
Published to the GitHub Advisory Database
May 13, 2024
Last updated
May 13, 2024