blob: d0b7fd2f001ce1b51fc233e615ad8fafa31a41c7 [file] [log] [blame]
id: GO-TEST-ID
modules:
- module: atomys.codes/stud42
versions:
- fixed: 0.23.0
summary: Stud42 vulnerable to denial of service in atomys.codes/stud42
description: |-
A security vulnerability has been identified in the GraphQL parser used by the
API of s42.app. An attacker can overload the parser and cause the API pod to
crash. With a bit of threading, the attacker can bring down the entire API,
resulting in an unhealthy stream. This vulnerability can be exploited by sending
a specially crafted request to the API with a large payload.
An attacker can exploit this vulnerability to cause a denial of service (DoS)
attack on the s42.app API, resulting in unavailability of the API for legitimate
users.
ghsas:
- GHSA-3hwm-922r-47hw
references:
- advisory: https://github.com/42Atomys/stud42/security/advisories/GHSA-3hwm-922r-47hw
- web: https://github.com/42Atomys/stud42/issues/412
- web: https://github.com/42Atomys/stud42/commit/a70bfc72fba721917bf681d72a58093fb9deee17
notes:
- lint: 'modules[0] "atomys.codes/stud42": version 0.23.0 does not exist'