PT-2023-31506 · Ckan · Ckan

Thorge · Published 2023-12-13 · Updated 2023-12-18 · CVE-2023-50248

CVSS v3.1: 4.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
CKAN versions 2.0.0 through 2.9.9
CKAN versions 2.10.0 through 2.10.2
Description
CKAN is an open-source data management system for powering data hubs and data portals. When an authenticated request (carrying either the session auth cookie or an API token in the Authorization header) is submitted as a POST to the "/dataset/new" endpoint with a specially crafted field, the server process runs out of memory, causing a denial of service. To trigger this condition, the attacker needs an account with permission to create or edit datasets; unauthenticated users cannot reach it.
Recommendations
For CKAN versions 2.0.0 through 2.9.9, update to version 2.9.10 or later.
For CKAN versions 2.10.0 through 2.10.2, update to version 2.10.3 or later.
As a temporary workaround until the patch is applied, restrict access to the "/dataset/new" endpoint, i.e. limit the set of users who hold permission to create or edit datasets to trusted accounts. Note that this only reduces exposure: any user who keeps dataset-creation rights can still trigger the out-of-memory condition.
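Worked check for the upgrade advice above, written for this page and not taken from the CKAN project: it maps a reported CKAN version onto the two affected ranges the advisory lists and returns the fixed release to upgrade to. The point it makes beyond the text is that versions must be compared numerically, since a plain string comparison puts "2.9.10" before "2.9.9" and would report a fixed install as vulnerable. The version regex, the handling of suffixes such as "-dev", and the sample version strings are assumptions.

```python
import re
from typing import Optional, Tuple

# Affected ranges and first fixed release, as stated in the advisory for CVE-2023-50248.
# Each entry: (first affected, last affected, first fixed); bounds are inclusive.
AFFECTED_RANGES = [
    ((2, 0, 0), (2, 9, 9), (2, 9, 10)),
    ((2, 10, 0), (2, 10, 2), (2, 10, 3)),
]

# Assumption: CKAN reports versions as MAJOR.MINOR[.PATCH] with an optional suffix
# (e.g. "2.10.1-dev"); the suffix is ignored for range matching.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a CKAN version string into a numeric tuple.

    Tuples of ints compare numerically, so (2, 9, 10) > (2, 9, 9); comparing the
    raw strings would get this wrong because "1" sorts before "9".
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised CKAN version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def fix_version_for(version: str) -> Optional[str]:
    """Return the first fixed release if `version` is affected by CVE-2023-50248.

    Returns None for versions outside both affected ranges (already patched,
    newer release line, or older than 2.0.0).
    """
    v = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return ".".join(str(n) for n in fixed)
    return None


if __name__ == "__main__":
    # Constructed sample inputs for a stand-alone run.
    for sample in ("2.9.9", "2.9.10", "2.10", "2.10.1-dev", "2.10.3", "2.11.0"):
        target = fix_version_for(sample)
        status = f"affected, upgrade to {target}" if target else "not in an affected range"
        print(f"CKAN {sample}: {status}")
```

Feed `fix_version_for` the value of `ckan.__version__` (or the version shown in the CKAN API's status output) from each instance in your inventory; anything that comes back non-None is on the upgrade list.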

Related Identifiers

CVE-2023-50248
GHSA-7FGC-89CX-W8J5

Affected Products

Ckan