Unknown · Syncbreeze · CVE-2020-36946
**Name of the Vulnerable Software and Affected Versions**
SyncBreeze version 10.0.28
**Description**
SyncBreeze version 10.0.28 contains a denial-of-service issue in the `/login` endpoint. A remote attacker can send a login request carrying an oversized payload, which overwhelms the application and can cause the service to crash, potentially disrupting service availability.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider limiting the size of the payload accepted by the `/login` endpoint.
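One way to apply the temporary workaround is to enforce the size limit in a reverse proxy placed in front of SyncBreeze. The nginx fragment below is an added example, not vendor guidance and not part of the original advisory. Assumptions: the backend address `127.0.0.1:8080`, the host name, and the 4k/1m limits are placeholders to adjust, and clients cannot reach the SyncBreeze web port except through this proxy.

```nginx
# Added example. Backend address, host name and size limits are assumptions.
server {
    listen 80 default_server;
    server_name syncbreeze.example.internal;   # placeholder host name

    # Cap the request line and header fields for every request.
    # An oversized request line is answered with 414, an oversized header with 400.
    client_header_buffer_size   1k;
    large_client_header_buffers 4 4k;

    location = /login {
        # Cap the request body on the login endpoint. Larger requests are
        # answered with 413 by nginx and are never forwarded to SyncBreeze.
        client_max_body_size 4k;

        # Read the whole body before contacting the backend (nginx default),
        # so the cap also holds for chunked requests without Content-Length.
        proxy_request_buffering on;

        proxy_pass http://127.0.0.1:8080;      # placeholder backend
    }

    location / {
        client_max_body_size 1m;               # assumed limit for other pages
        proxy_pass http://127.0.0.1:8080;      # placeholder backend
    }
}
```

Validate the file with `nginx -t` before reloading, and confirm that a normal login still succeeds with the chosen limit.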