Описание
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-github-revel-revel | fixed | 1.0.0-1 | package | |
| golang-github-revel-revel | postponed | buster | package |
Примечания
https://github.com/revel/revel/pull/1427
https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605 (v1.0.0)
https://github.com/revel/revel/issues/1424
https://pkg.go.dev/vuln/GO-2020-0003
EPSS
Процентиль: 78%
0.01092
Низкий
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 3 лет назад
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
CVSS3: 7.5
nvd
около 3 лет назад
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
EPSS
Процентиль: 78%
0.01092
Низкий