PT-2023-12181 · Octobox

Nick Rolfe

Published 2023-02-20 · Updated 2023-03-01

CVE-2021-32848

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Octobox, versions prior to the fix in pull request 2807
Description: Octobox is software for managing GitHub notifications. A user of the system can supply a specially crafted search query string that triggers a regular expression denial of service (ReDoS): the query is matched against a regular expression whose backtracking grows super-linearly on such input, so a single short request can consume server CPU time and make the application unavailable. The CVSS vector reflects this: no privileges or user interaction required, no impact on confidentiality or integrity, high impact on availability.
Recommendations: Update to a version that includes the fix from pull request 2807. Until the update is applied, as a temporary workaround, restrict users' ability to submit arbitrary search query strings (for example by capping query length or rejecting queries that do not match the expected token syntax).
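The following is an added example, not code from Octobox or from pull request 2807. Octobox is a Ruby on Rails application, so the example is in Ruby. It shows the shape of the problem described above with a hypothetical search-query syntax (free text plus `qualifier:value` terms such as `repo:owner/name state:open`): a validating regex whose repetition can match the same characters in many ways, beside a hardened parser that splits on whitespace first and then checks each token with a pattern that has no nested or overlapping quantifiers, plus a length cap matching the advisory's "restrict the input" workaround and a regex timeout safety net on Rubies that support it. All regexes, the token syntax and `MAX_QUERY_LENGTH` are assumptions for illustration; the real pattern Octobox used is not reproduced here.

```ruby
# Added example, not Octobox's own code. Query syntax and regexes are assumed.

MAX_QUERY_LENGTH = 256 # assumed cap; the advisory's workaround is "restrict input"

# Vulnerable shape: the body of the repetition, (\w+\s?), can consume a run of
# word characters in many different ways because \s? is optional. On an input
# that cannot match, such as "aaaa...a!", a backtracking engine tries every
# partition of the run before failing: O(2^n) work for n characters.
# Rubies before 3.2 (which Octobox targeted in 2021) have no defence against
# this; Ruby 3.2+ memoizes matching for many such patterns, so the same regex
# may run in linear time there, but relying on that is not a fix.
VULNERABLE_QUERY_RE = /\A(?:\w+\s?)*\z/

def valid_query_vulnerable?(query)
  VULNERABLE_QUERY_RE.match?(query)
end

# Hardened version. String#split with no argument is a linear-time whitespace
# split, and TOKEN_RE has a single unambiguous way to match each token:
# an optional "qualifier:" prefix followed by one run of non-space characters.
TOKEN_RE = /\A(?:(?<qualifier>[a-z_]+):)?(?<value>[^\s]+)\z/

def parse_query(query)
  raise ArgumentError, "query too long" if query.length > MAX_QUERY_LENGTH

  query.split.map do |token|
    m = TOKEN_RE.match(token)
    raise ArgumentError, "bad token: #{token}" unless m
    { qualifier: m[:qualifier], value: m[:value] }
  end
end

# Safety net for any regex that must keep running on untrusted input:
# Ruby 3.2+ lets a Regexp carry a timeout, raising Regexp::TimeoutError
# instead of spinning. On older Rubies this falls back to a plain match and
# gives no protection, so the linear parser above remains the real fix.
def match_with_timeout(re, str, seconds: 0.1)
  if Regexp.respond_to?(:timeout)
    Regexp.new(re.source, re.options, timeout: seconds).match?(str)
  else
    re.match?(str)
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs.
  p parse_query("repo:octobox/octobox state:open foo")
  p valid_query_vulnerable?("foo bar")      # true
  p valid_query_vulnerable?("aaaaaaaaaa!")  # false; kept short on purpose,
                                            # a long run would hang pre-3.2
end
```

The important design point is not the timeout but the parser structure: once the input has been cut into tokens by a linear split, each token's regex has exactly one way to match or fail, so no crafted query can make the check super-linear. The length cap is the cheap defence to deploy first when the fix itself cannot be shipped immediately.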

Weakness Enumeration

Allocation of Resources Without Limits

DoS

Related identifiers

CVE-2021-32848

Affected products

Octobox