data/reports/GO-2020-0003.yaml - vulndb - Git at Google

 modules:
   - module: github.com/revel/revel
     versions:
       - fixed: 1.0.0
     vulnerable_at: 0.21.0
     packages:
       - package: github.com/revel/revel
 description: |
     An attacker can cause an application that accepts slice parameters
     (https://revel.github.io/manual/parameters.html#slices) to allocate large
     amounts of memory and crash through manipulating the request query sent to the application.
 published: 2021-04-14T20:04:52Z
 ghsas:
   - GHSA-hggr-p7v6-73p5
 credit: '@SYM01'
 references:
   - fix: https://github.com/revel/revel/pull/1427
   - fix: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605
   - web: https://github.com/revel/revel/issues/1424
 cve_metadata:
     id: CVE-2020-36568
     cwe: 'CWE-400: Uncontrolled Resource Consumption'
     description: |
         Unsanitized input in the query parser in github.com/revel/revel before v1.0.0
         allows remote attackers to cause resource exhaustion via memory allocation.
	modules:
	- module: github.com/revel/revel
	versions:
	- fixed: 1.0.0
	vulnerable_at: 0.21.0
	packages:
	- package: github.com/revel/revel
	description: \|
	An attacker can cause an application that accepts slice parameters
	(https://revel.github.io/manual/parameters.html#slices) to allocate large
	amounts of memory and crash through manipulating the request query sent to the application.
	published: 2021-04-14T20:04:52Z
	ghsas:
	- GHSA-hggr-p7v6-73p5
	credit: '@SYM01'
	references:
	- fix: https://github.com/revel/revel/pull/1427
	- fix: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605
	- web: https://github.com/revel/revel/issues/1424
	cve_metadata:
	id: CVE-2020-36568
	cwe: 'CWE-400: Uncontrolled Resource Consumption'
	description: \|
	Unsanitized input in the query parser in github.com/revel/revel before v1.0.0
	allows remote attackers to cause resource exhaustion via memory allocation.