| id: GO-ID-PENDING |
| modules: |
| - module: atomys.codes/stud42 |
| versions: |
| - fixed: 0.23.0 |
| summary: Stud42 vulnerable to denial of service in atomys.codes/stud42 |
| description: |- |
| A security vulnerability has been identified in the GraphQL parser used by the |
| API of s42.app. An attacker can overload the parser and cause the API pod to |
| crash. With a bit of threading, the attacker can bring down the entire API, |
| resulting in an unhealthy stream. This vulnerability can be exploited by sending |
| a specially crafted request to the API with a large payload. |
| |
| An attacker can exploit this vulnerability to cause a denial of service (DoS) |
| attack on the s42.app API, resulting in unavailability of the API for legitimate |
| users. |
| ghsas: |
| - GHSA-3hwm-922r-47hw |
| references: |
| - advisory: https://github.com/42Atomys/stud42/security/advisories/GHSA-3hwm-922r-47hw |
| - web: https://github.com/42Atomys/stud42/issues/412 |
| - web: https://github.com/42Atomys/stud42/commit/a70bfc72fba721917bf681d72a58093fb9deee17 |
| notes: |
| - lint: 'modules[0] "atomys.codes/stud42": version 0.23.0 does not exist' |
| source: |
| id: GHSA-3hwm-922r-47hw |