GHSA-7fgc-89cx-w8j5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7fgc-89cx-w8j5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-7fgc-89cx-w8j5/GHSA-7fgc-89cx-w8j5.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-7fgc-89cx-w8j5
- Aliases
- Published
- 2023-12-13T23:08:35Z
- Modified
- 2023-12-13T23:26:27.774277Z
- Severity
-
- 4.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Out of memory error when submitting the dataset form with a specially-crafted field
- Details
-
Impact
When submitting a POST request to the
/dataset/newendpoint (including either the auth cookie or theAuthorizationheader) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server.To trigger this error the user needs to have permissions to create or edit datasets.
Patches
This vulnerability has been patched in CKAN 2.10.3 and 2.9.10
- Database specific
{ "nvd_published_at": "2023-12-13T21:15:08Z", "cwe_ids": [ "CWE-130" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-13T23:08:35Z" }- References
Affected packages
PyPI / ckan
Package
- Name
- ckan
- View open source insights on deps.dev
- Purl
- pkg:pypi/ckan
Affected versions
2.*
2.0
2.0.1
2.0.7
2.0.8
2.1
2.1.1
2.1.5
2.1.6
2.2
2.2.1
2.2.3
2.2.4
2.3
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.8
2.4.9
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.6
2.5.7
2.5.8
2.5.9
2.6.0
2.6.1
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.7.10
2.7.11
2.7.12
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.8.10
2.8.11
2.8.12
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
PyPI / ckan
Package
- Name
- ckan
- View open source insights on deps.dev
- Purl
- pkg:pypi/ckan