CVE-2020-36946

Name of the Vulnerable Software and Affected Versions SyncBreeze version 10.0.28

Description SyncBreeze version 10.0.28 contains a denial of service issue in the 'login' endpoint. Remote attackers can send an oversized payload in a login request to overwhelm the application, potentially disrupting service availability. The vulnerable endpoint is /login. The attack involves sending an oversized payload to the login endpoint, which can cause the service to crash.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider limiting the size of the payload allowed in the 'login' endpoint.