Pandatix

Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager is a platform-agnostic system designed to initiate challenges on demand. A zip slip condition exists when decoding scenarios (zip archives) due to a lack of path validation during file writing. This issue does not require authentication or authorization for exploitation. Recommendations: Update to version 0.1.4 or later.

**Name of the Vulnerable Software and Affected Versions:** Chall-Manager versions prior to 0.1.4 **Description:** Chall-Manager is susceptible to a zip bomb decompression issue when decoding scenario zip archives. The vulnerability does not require authentication or authorization for exploitation. **Recommendations:** Update to version 0.1.4, which includes commit 14042aa.

**Name of the Vulnerable Software and Affected Versions:** Chall-Manager versions prior to 0.1.4 **Description:** Chall-Manager, a platform-agnostic system for starting Challenges on Demand, is susceptible to a Denial of Service (DoS) attack via a slow loris attack against its HTTP Gateway. The gateway lacks a timeout setting, allowing an attacker to exhaust system resources. Exploitation does not require authentication or authorization. It is recommended to deploy Chall-Manager deep within the infrastructure to limit external access. **Recommendations:** Update to version 0.1.4 or later.