Security Advisories

CGA-c9c8-j955-mvv7

Published

Last updated

https://images.chainguard.dev/security/CGA-c9c8-j955-mvv7
Package

grafana-10.3

Latest Update
Fix not planned
Aliases
  • GHSA-mh55-gqvf-xfwm

Summary

Denial of service via malicious preflight requests in github.com/rs/cors

Description

The middleware performs a prohibitive number of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. Attackers can abuse this behavior to put undue load on the middleware/server in an attempt to cause a denial of service.

References

Updates


© 2024 Chainguard. All Rights Reserved.