blob: 98051d1e3e8b11fe2b4e0107a1876208a827d991 [file] [log] [blame]
module: github.com/revel/revel
versions:
- fixed: v1.0.0
description: |
If the application accepts
[slice parameters](https://revel.github.io/manual/parameters.html#slices), an
attacker can cause the application to allocate large amounts of memory and
crash by manipulating the request query.
published: 2021-04-14T12:00:00Z
credit: "@SYM01"
links:
pr: https://github.com/revel/revel/pull/1427
commit: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605
context:
- https://github.com/revel/revel/issues/1424
cve_metadata:
id: CVE-9999-0002
cwe: "CWE-400: Uncontrolled Resource Consumption"
description: |
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0
allows remote attackers to cause resource exhaustion via memory allocation.