PT-2024-24930 · Frigate · Frigate

Sim4N6 · Published 2024-05-09 · Updated 2024-05-14 · CVE-2024-32874

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Frigate versions prior to 0.13.2

Description

The issue arises from the lack of limitation on the length of filenames and the costly use of Unicode normalization with the form NFKD under the hood of the secure_filename() function. This can lead to an application-level denial of service when a user intentionally uploads a file or retrieves a filename with a large Unicode name.

Recommendations

For versions prior to 0.13.2, update to version 0.13.2 or later to resolve the issue. As a temporary workaround, consider restricting the length of filenames to prevent intentional denial of service attacks.
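
The temporary workaround above, sketched as an added example that is not Frigate's own code: reject a name by length before any NFKD work is done, then re-check afterwards because NFKD can lengthen a string. MAX_FILENAME_CHARS, normalize_name and bounded_secure_filename are hypothetical names, the 255 limit is an assumption, and normalize_name is a simplified stand-in for the real sanitizer.

```python
import re
import unicodedata

# Assumed limit for this example; pick one that fits the storage backend.
MAX_FILENAME_CHARS = 255

_UNSAFE = re.compile(r"[^A-Za-z0-9_.-]")


class FilenameTooLong(ValueError):
    """Raised before any normalization work is done."""


def normalize_name(name: str) -> str:
    """Simplified stand-in for an NFKD-based filename sanitizer."""
    ascii_name = (
        unicodedata.normalize("NFKD", name)
        .encode("ascii", "ignore")
        .decode("ascii")
    )
    # Path separators become spaces, then whitespace runs collapse to "_".
    ascii_name = ascii_name.replace("/", " ").replace("\\", " ")
    cleaned = _UNSAFE.sub("", "_".join(ascii_name.split()))
    return cleaned.strip("._")


def bounded_secure_filename(name: str, limit: int = MAX_FILENAME_CHARS) -> str:
    """Sanitize `name`, doing no normalization work on oversized input."""
    # len() on a str is O(1), so this check costs nothing even for huge names.
    if len(name) > limit:
        raise FilenameTooLong(f"filename exceeds {limit} characters")
    cleaned = normalize_name(name)
    # NFKD can expand one code point into several (U+FB03 becomes "ffi"),
    # so the result is checked against the limit as well.
    if not cleaned or len(cleaned) > limit:
        raise ValueError("filename is empty or too long after normalization")
    return cleaned
```

The same length check belongs on every path that feeds a filename to the sanitizer, including names read back from requests, not only uploads.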

Exploit

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2024-32874
GHSA-W4H6-9WRP-V5JQ

Affected Products

Frigate