CVE-2020-9343

Name of the Vulnerable Software and Affected Versions signotec signoPAD-API/Web versions prior to 3.1.1

Description An issue was discovered in the implementation of signotec signoPAD-API/Web, where it is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this issue can be exploited via WebSocket data with a deeply nested JSON array.

Recommendations For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to WebSocket data to minimize the risk of exploitation.