| id: GO-TEST-ID |
| modules: |
| - module: atomys.codes/stud42 |
| versions: |
| - fixed: 0.23.0 |
| summary: Stud42 vulnerable to denial of service |
| description: |- |
| A security vulnerability has been identified in the GraphQL parser used by the |
| API of s42.app. An attacker can overload the parser and cause the API pod to |
| crash. With a bit of threading, the attacker can bring down the entire API, |
| resulting in an unhealthy stream. This vulnerability can be exploited by sending |
| a specially crafted request to the API with a large payload. |
| |
| An attacker can exploit this vulnerability to cause a denial of service (DoS) |
| attack on the s42.app API, resulting in unavailability of the API for legitimate |
| users. |
| ghsas: |
| - GHSA-3hwm-922r-47hw |
| references: |
| - web: https://github.com/42Atomys/stud42/security/advisories/GHSA-3hwm-922r-47hw |
| - web: https://github.com/42Atomys/stud42/issues/412 |
| - web: https://github.com/42Atomys/stud42/commit/a70bfc72fba721917bf681d72a58093fb9deee17 |
| - package: https://github.com/42Atomys/stud42 |
| notes: |
| - 'lint: atomys.codes/stud42: bad version "0.23.0": HTTP GET /atomys.codes/stud42/@v/v0.23.0.mod returned status 404 Not Found' |
| - 'lint: redundant non-advisory reference to GHSA-3hwm-922r-47hw' |