blob: 25b9d92f450b986a49e9f0c5b48627e884602630 [file] [log] [blame]
id: GO-2020-0003
modules:
- module: github.com/revel/revel
versions:
- fixed: 1.0.0
vulnerable_at: 0.21.0
packages:
- package: github.com/revel/revel
summary: Resource exhaustion in github.com/revel/revel
description: |-
An attacker can cause an application that accepts slice parameters
(https://revel.github.io/manual/parameters.html#slices) to allocate large
amounts of memory and crash through manipulating the request query sent to the
application.
published: 2021-04-14T20:04:52Z
ghsas:
- GHSA-hggr-p7v6-73p5
credits:
- '@SYM01'
references:
- fix: https://github.com/revel/revel/pull/1427
- fix: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605
- web: https://github.com/revel/revel/issues/1424
cve_metadata:
id: CVE-2020-36568
cwe: 'CWE-400: Uncontrolled Resource Consumption'
description: |-
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0
allows remote attackers to cause resource exhaustion via memory allocation.
review_status: REVIEWED