| - module: github.com/tendermint/tendermint |
| - package: github.com/tendermint/tendermint/rpc/lib/client |
| Due to support of Gzip compression in request bodies, as well |
| as a lack of limiting response body sizes, a malicious server |
| can cause a client to consume a significant amount of system |
| resources, which may be used as a denial of service vector. |
| published: 2021-04-14T20:04:52Z |
| - fix: https://github.com/tendermint/tendermint/pull/3430 |
| - fix: https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613 |
| cwe: 'CWE-400: Uncontrolled Resource Consumption' |