Описание
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Impact
This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service.
Patches
This vulnerability existed in the repository at HEAD, we will cut a 0.1.0 release with the fix.
Workarounds
None
References
None
Пакеты
Наименование
github.com/octo-sts/app
go
Затронутые версииВерсия исправления
< 0.1.0
0.1.0
Связанные уязвимости
CVSS3: 3.7
nvd
больше 1 года назад
octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0