PT-2023-12923 · Palantir · Palantir Gotham

Published 2023-02-16 · Updated 2023-02-24 · CVE-2022-27897

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Palantir Gotham versions prior to 3.22.11.2

Description

The issue concerns an unauthenticated endpoint that loads portions of maliciously crafted zip files to memory. An attacker could exploit this by repeatedly uploading a malicious zip file, allowing them to exhaust memory resources on the dispatch server.

Recommendations

For Palantir Gotham versions prior to 3.22.11.2, update to version 3.22.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the unauthenticated endpoint to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-27897

Affected Products

Palantir Gotham