| { |
| "schema_version": "1.4.0", |
| "id": "GHSA-3hwm-922r-47hw", |
| "modified": "2023-04-25T23:06:52Z", |
| "published": "2023-03-31T19:33:44Z", |
| "summary": "Stud42 vulnerable to denial of service", |
| "details": "A security vulnerability has been identified in the GraphQL parser used by the API of s42.app. An attacker can overload the parser and cause the API pod to crash. With a bit of threading, the attacker can bring down the entire API, resulting in an unhealthy stream. This vulnerability can be exploited by sending a specially crafted request to the API with a large payload.\n\nAn attacker can exploit this vulnerability to cause a denial of service (DoS) attack on the s42.app API, resulting in unavailability of the API for legitimate users.", |
| "affected": [ |
| { |
| "package": { |
| "ecosystem": "Go", |
| "name": "atomys.codes/stud42" |
| }, |
| "ranges": [ |
| { |
| "type": "ECOSYSTEM", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "0.23.0" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "severity": [ |
| { |
| "type": "CVSS_V3", |
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" |
| } |
| ], |
| "references": [ |
| { |
| "type": "WEB", |
| "url": "https://github.com/42Atomys/stud42/security/advisories/GHSA-3hwm-922r-47hw" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/42Atomys/stud42/issues/412" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/42Atomys/stud42/commit/a70bfc72fba721917bf681d72a58093fb9deee17" |
| }, |
| { |
| "type": "PACKAGE", |
| "url": "https://github.com/42Atomys/stud42" |
| } |
| ], |
| "database_specific": { |
| "cwe_ids": [ |
| "CWE-400" |
| ], |
| "github_reviewed": true, |
| "github_reviewed_at": "2023-03-31T19:33:44Z", |
| "nvd_published_at": null, |
| "severity": "HIGH" |
| } |
| } |
