PT-2023-25879 · Faktory · Faktory

Malayke

·

Published

2023-09-20

·

Updated

2024-08-21

·

CVE-2023-37279

CVSS v3.1

7.5

High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Faktory versions prior to 1.8.0
Description: The Faktory web dashboard can be forced into a denial of service by a crafted value for the days URL query parameter. The backend reads days from the query string and uses it directly, without any range check, as the length of a string slice it allocates. A very large value makes the server attempt a correspondingly large allocation, consuming a significant amount of memory and crashing the process. The request needs no authentication or user interaction, which is why the vector scores availability impact as High with no confidentiality or integrity impact.
Recommendations: For versions prior to 1.8.0, update to version 1.8.0 or later, which resolves the issue. As a temporary workaround, restrict network access to the Faktory web dashboard to trusted hosts to reduce exposure. Note that the days parameter is supplied by the client, so avoiding it in your own requests to the affected endpoint does not by itself stop an attacker from sending it; access restriction is the workaround that matters until the upgrade is applied.
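The pattern the description refers to, reduced to a self-contained Go program. This is an added illustration and not Faktory's own code: the handler, the parser names, the defaultDays/maxDays bounds and the /stats path are all assumptions chosen for the example. parseDaysUnchecked reproduces the weakness class (client integer becomes the slice length with no bound); parseDaysBounded and statsHandler show the hardened form, where anything outside a fixed window is rejected with 400 before the allocation happens.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strconv"
)

// Hypothetical bound on the chart window; a real dashboard picks its own.
const maxDays = 180

// Assumed default window when the parameter is absent.
const defaultDays = 30

// parseDaysUnchecked reproduces the weakness class: whatever integer the
// client sends becomes the allocation size. With dayLabels below,
// ?days=2000000000 would try to allocate 2e9 string headers (32 GB on
// 64-bit), and a negative value panics in makeslice.
func parseDaysUnchecked(q url.Values) (int, error) {
	return strconv.Atoi(q.Get("days"))
}

// parseDaysBounded is the hardened form: supply a default, reject anything
// that is not an integer, and refuse values outside [1, maxDays] so the
// allocation size is never attacker-controlled.
func parseDaysBounded(q url.Values) (int, error) {
	raw := q.Get("days")
	if raw == "" {
		return defaultDays, nil
	}
	n, err := strconv.Atoi(raw)
	if err != nil {
		return 0, fmt.Errorf("days is not an integer: %w", err)
	}
	if n < 1 || n > maxDays {
		return 0, errors.New("days out of range")
	}
	return n, nil
}

// dayLabels is the request-influenced allocation: one entry per day.
func dayLabels(days int) []string {
	labels := make([]string, days)
	for i := range labels {
		labels[i] = fmt.Sprintf("day-%d", i)
	}
	return labels
}

// statsHandler wires the bounded parser into an HTTP handler; an out-of-range
// value is answered with 400 instead of reaching make().
func statsHandler(w http.ResponseWriter, r *http.Request) {
	days, err := parseDaysBounded(r.URL.Query())
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "%d labels\n", len(dayLabels(days)))
}

// requestStatus drives statsHandler in-process (no listener) and returns
// the HTTP status code for the given raw query string.
func requestStatus(rawQuery string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/stats?"+rawQuery, nil)
	statsHandler(rec, req)
	return rec.Code
}

func main() {
	// Constructed sample queries: one legitimate, three hostile.
	for _, q := range []string{"days=7", "days=2000000000", "days=-1", "days=abc"} {
		fmt.Printf("%-18s -> %d\n", q, requestStatus(q))
	}
}
```

The unchecked parser is kept only to show the contrast and is never fed to dayLabels in main; the hardened handler is the one that should sit in front of any allocation whose size comes from the request.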


Weakness Enumeration

Allocation of Resources Without Limits or Throttling (CWE-770)

Related Identifiers

CVE-2023-37279
GHSA-X4HH-VJM7-G2JV
GO-2023-2067

Affected Products

Faktory