Lakefs · Lakefs · CVE-2025-27100
**Name of the Vulnerable Software and Affected Versions**
lakeFS versions 1.49.1 and earlier
**Description**
lakeFS is an open-source tool that transforms object storage into a Git-like repository. In affected versions, an authenticated user can crash lakeFS by exhausting server memory, resulting in an authenticated denial-of-service issue. This problem has been solved in version 1.50.0.
**Recommendations**
For versions 1.49.1 and earlier, update to version 1.50.0 or later to resolve the issue.
As a temporary workaround for users unable to upgrade, set the environment variable `LAKEFS_BLOCKSTORE_S3_DISABLE_PRE_SIGNED_MULTIPART` to `true` or configure the `disable_pre_signed_multipart` key to `true` in the config yaml.