PT-2023-12181 · Octobox · Octobox
Researchers: Nick Rolfe, +1
Published: 2023-02-20 · Updated: 2023-03-01
CVE-2021-32848
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Octobox versions prior to pull request 2807
Description
Octobox is a web application for managing GitHub notifications. A user can supply a specially crafted search query string that triggers a regular expression denial of service (ReDoS): the query is matched against a backtracking regular expression, and the crafted input forces catastrophic backtracking, so a single request can tie up CPU for an extended period and make the service unavailable. The impact is to availability only, consistent with the C:N/I:N/A:H vector above.
Recommendations
For versions prior to pull request 2807, update to a build that includes the fix from pull request 2807. Until the update is applied, a temporary mitigation is to restrict user-supplied search query strings before they reach the matcher (for example, by limiting their length and rejecting unexpected characters).
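The following Ruby example is added here to illustrate the failure mode described above and the kind of input restriction the workaround refers to; it is not Octobox code, and the advisory does not disclose the actual regular expression. The query grammar, the regexes, the `parse_query` helper and the length and token limits are all hypothetical: a validator built from one regex with a nested quantifier is shown beside a tokenizer that bounds the input and uses only anchored, non-nested patterns.

```ruby
# Added illustration (not Octobox code): how a search-query parser becomes a
# ReDoS sink, and one way to harden it. The query grammar, regexes and
# limits below are hypothetical and chosen only to show the failure mode.
require 'benchmark'

# Vulnerable style: one regex validates the whole query string. The outer
# quantifier repeats a group that itself contains \w+, so a run of word
# characters can be split in exponentially many ways; a tail the pattern
# cannot consume ("!") forces the engine to try all of them.
VULNERABLE_QUERY = /\A(?:(?:\w+:)?\w+\s*)*\z/

def vulnerable_valid?(query)
  VULNERABLE_QUERY.match?(query)
end

# Hardened style: bound the input first, then split on whitespace and match
# each token with an anchored regex that has no nested quantifiers, so the
# total work is linear in the query length.
MAX_QUERY_LENGTH = 256 # hypothetical limit
MAX_TOKENS = 32        # hypothetical limit
TOKEN = /\A(?:(\w+):)?(\S+)\z/

class QueryTooLong < ArgumentError; end

# Returns { filters: { "repo" => "...", ... }, terms: ["free", "text"] }.
def parse_query(query)
  if query.bytesize > MAX_QUERY_LENGTH
    raise QueryTooLong, "query exceeds #{MAX_QUERY_LENGTH} bytes"
  end
  tokens = query.split(/\s+/).reject(&:empty?)
  raise ArgumentError, 'too many terms' if tokens.size > MAX_TOKENS

  filters = {}
  terms = []
  tokens.each do |tok|
    m = TOKEN.match(tok)
    raise ArgumentError, "bad term: #{tok.inspect}" unless m
    if m[1]
      filters[m[1]] = m[2]
    else
      terms << m[2]
    end
  end
  { filters: filters, terms: terms }
end

# Constructed payload: n word characters followed by a character the
# vulnerable regex cannot consume. Work for the vulnerable regex grows
# roughly as 2**n; the hardened parser handles it in linear time.
def redos_payload(n)
  ('a' * n) + '!'
end

# Seconds the vulnerable validator spends on a payload of size n. Keep n
# small so the demonstration itself does not become a denial of service.
def vulnerable_seconds(n)
  Benchmark.realtime { vulnerable_valid?(redos_payload(n)) }
end

if __FILE__ == $PROGRAM_NAME
  puts parse_query('repo:octobox/octobox state:open needs review').inspect
  [10, 14, 18].each { |n| printf("n=%2d  %.4fs\n", n, vulnerable_seconds(n)) }
  puts "hardened parser, n=200: #{Benchmark.realtime { parse_query(redos_payload(200)) }.round(6)}s"
end
```

Raising n in `vulnerable_seconds` by one should roughly double the time on a plain backtracking engine, which is the signature to look for when reviewing query parsers. Note that Ruby 3.2 added both memoization that makes many such patterns linear and `Regexp.timeout` as a global backstop; the Octobox fix predates that, and neither replaces bounding untrusted input before it reaches a regex.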
Links: Exploit · Fix
Weakness: Allocation of Resources Without Limits (CWE-770)
Impact: DoS
Related Identifiers
Affected Products: Octobox