PT-2021-18209 · Sydent · Sydent
Richvdh · Published 2021-04-15 · Updated 2022-08-02 · CVE-2021-29433
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Sydent versions 2.2.0 and prior
Description:
The issue is related to missing input validation of some parameters on the endpoints used to confirm third-party identifiers, which could cause excessive use of disk space and memory leading to resource exhaustion.
Recommendations:
For Sydent versions 2.2.0 and prior, update to version 2.3.0 to resolve the issue.
As a temporary workaround, consider restricting access to the endpoints used to confirm third-party identifiers until a patch is applied.
Avoid using parameters that are not properly validated on these endpoints until the issue is resolved.
Fix
RCE
Resource Exhaustion
Affected Products
Sydent