DirectorySecurity Advisories
Sign In
Security Advisories

CGA-crwm-vx7g-3vq8

Published

Last updated

https://images.chainguard.dev/security/CGA-crwm-vx7g-3vq8
Package

grafana-7

Latest Update
Fixed
Fixed Version

7.5.27-r0

Aliases
  • CVE-2023-28119
  • GHSA-5mqj-xc49-246p

Severity

7.5

High

CVSS V3

Summary

crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb

Description

Our use of flate.NewReader does not limit the size of the input. The user could pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation