Ikus060

#16516 of 53,630
16.3 Total CVSS
Vulnerabilities · 2
High · 2
PT-2022-21619
7.5
2022-09-26
Rdiffweb · Rdiffweb · CVE-2022-3298
**Name of the Vulnerable Software and Affected Versions**
rdiffweb versions prior to 2.4.8

**Description**
The issue is an allocation of resources without limits or throttling, which can lead to a Denial of Service (DoS). Specifically, the "title" field of an SSH key has no length limit when a key is added, so an oversized title can result in excess memory consumption. There are no known workarounds for this issue.

**Recommendations**
For versions prior to 2.4.8, update to version 2.4.8 to resolve the issue. As a temporary workaround, consider restricting the length of the `title` field when adding an SSH key to minimize the risk of exploitation.
PT-2022-21152
8.8
2022-09-15
Rdiffweb · Rdiffweb · CVE-2022-3221
**Name of the Vulnerable Software and Affected Versions**
rdiffweb versions prior to 2.4.3

**Description**
The issue is a Cross-Site Request Forgery (CSRF) in the GitHub repository ikus060/rdiffweb. When adding SSH public keys to a profile, the server accepts GET requests, which can lead to unauthorized access to the system and backups.

**Recommendations**
For versions prior to 2.4.3, update to version 2.4.3 to resolve the issue. As a temporary workaround, consider restricting access to the SSH public key addition feature until the patch is applied.