reports/GO-2020-0003.toml - vulndb - Git at Google

 package = "github.com/revel/revel"

 description = """
 If the application accepts
 [slice parameters](https://revel.github.io/manual/parameters.html#slices), an
 attacker can cause the application to allocate large amounts of memory and
 crash by manipulating the request query.
 """

 credit = "@SYM01"

 [[versions]]
 fixed = "v1.0.0"

 [links]
 commit = "https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605"
 pr = "https://github.com/revel/revel/pull/1427"
 context = ["https://github.com/revel/revel/issues/1424"]

 [cve_metadata]
 id = "CVE-XXXX-0002"
 description = """
 Unsanitized input in the query parser in github.com/revel/revel before v1.0.0
 allows remote attackers to cause resource exhaustion via memory allocation.
 """
 cwe = "CWE-400: Uncontrolled Resource Consumption"
	package = "github.com/revel/revel"

	description = """
	If the application accepts
	[slice parameters](https://revel.github.io/manual/parameters.html#slices), an
	attacker can cause the application to allocate large amounts of memory and
	crash by manipulating the request query.
	"""

	credit = "@SYM01"

	[[versions]]
	fixed = "v1.0.0"

	[links]
	commit = "https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605"
	pr = "https://github.com/revel/revel/pull/1427"
	context = ["https://github.com/revel/revel/issues/1424"]

	[cve_metadata]
	id = "CVE-XXXX-0002"
	description = """
	Unsanitized input in the query parser in github.com/revel/revel before v1.0.0
	allows remote attackers to cause resource exhaustion via memory allocation.
	"""
	cwe = "CWE-400: Uncontrolled Resource Consumption"