| module: github.com/revel/revel |
| versions: |
| - fixed: v1.0.0 |
| description: | |
| If the application accepts |
| [slice parameters](https://revel.github.io/manual/parameters.html#slices), an |
| attacker can cause the application to allocate large amounts of memory and |
| crash by manipulating the request query. |
| published: 2021-04-14T12:00:00Z |
| credit: "@SYM01" |
| links: |
| pr: https://github.com/revel/revel/pull/1427 |
| commit: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605 |
| context: |
| - https://github.com/revel/revel/issues/1424 |
| cve_metadata: |
| id: CVE-9999-0002 |
| cwe: "CWE-400: Uncontrolled Resource Consumption" |
| description: | |
| Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 |
| allows remote attackers to cause resource exhaustion via memory allocation. |