PT-2021-12083 · Revel · Revel
Sym01 · Published 2021-04-14 · Updated 2023-01-06 · CVE-2020-36568
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: revel versions prior to 1.0.0
Description: The issue is caused by unsanitized input in the query parser, allowing remote attackers to cause resource exhaustion via memory allocation. An attacker can manipulate the request query sent to an application that accepts slice parameters, such as those described at https://revel.github.io/manual/parameters.html#slices, to allocate large amounts of memory and crash the application.
Recommendations: For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to slice parameters to minimize the risk of exploitation. Avoid using slice parameters in the affected API endpoints until the issue is resolved.
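The workaround above amounts to not letting a client-chosen index decide how much memory the binder allocates. The following is an added example, not Revel's own code: it assumes the indexed form `ids[0]=1&ids[2]=3` from the linked manual and a cap (`MaxSliceIndex`, a value chosen here) on the highest index a request may name, rejecting the request before any slice is allocated.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strconv"
)

// MaxSliceIndex is an assumed cap on the highest index a client may name
// in a slice parameter; the value is a choice for this example.
const MaxSliceIndex = 1000

// indexedKey matches keys of the form name[3]; name[]=x (no index) binds
// by append order and lets the client control only the element count.
var indexedKey = regexp.MustCompile(`^([A-Za-z_]\w*)\[(\d+)\]$`)

// BoundedSliceLen returns the length a binder would allocate for the slice
// parameter `name` (highest index + 1). Without the cap that value is
// request-controlled; with it, an index above MaxSliceIndex is an error.
func BoundedSliceLen(rawQuery, name string) (int, error) {
	values, err := url.ParseQuery(rawQuery)
	if err != nil {
		return 0, err
	}
	n := 0
	for key := range values {
		m := indexedKey.FindStringSubmatch(key)
		if m == nil || m[1] != name {
			continue
		}
		idx, err := strconv.ParseUint(m[2], 10, 64)
		if err != nil || idx > MaxSliceIndex {
			return 0, fmt.Errorf("parameter %q: index exceeds limit %d", key, MaxSliceIndex)
		}
		if int(idx)+1 > n {
			n = int(idx) + 1
		}
	}
	return n, nil
}

func main() {
	// Constructed sample queries: a normal one and one naming an index past the cap.
	for _, q := range []string{"ids[0]=1&ids[2]=3", "ids[0]=1&ids[50000]=3"} {
		n, err := BoundedSliceLen(q, "ids")
		fmt.Printf("%-24s len=%d err=%v\n", q, n, err)
	}
}
```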


Weakness Enumeration: Resource Exhaustion; Allocation of Resources Without Limits

Related Identifiers: CVE-2020-36568, GHSA-HGGR-P7V6-73P5, GO-2020-0003

Affected Products: Revel