Description
Denial of Service in apostrophe
Versions of apostrophe prior to 2.97.1 are vulnerable to Denial of Service. The apostrophe-jobs module sets a callback for incoming jobs and doesn't clear it regardless of its status. This causes the server to accumulate callbacks, allowing an attacker to start a large number of jobs and exhaust system memory.
Recommendation
Upgrade to version 2.97.1 or later.
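The leak described above, as an added example that is not apostrophe's own code: a hypothetical `JobRegistry` stores one completion callback per job, and `clearOnFinish` switches between retaining it and releasing it on every terminal status. The `maxActive` cap is an extra assumption of this example, not something the advisory describes.

```javascript
// Hypothetical job registry illustrating the pattern; names are assumptions,
// not the apostrophe-jobs API.
class JobRegistry {
  constructor({ clearOnFinish, maxActive = Infinity }) {
    this.clearOnFinish = clearOnFinish; // false reproduces the leak
    this.maxActive = maxActive;         // assumed extra bound on pending jobs
    this.callbacks = new Map();         // jobId -> completion callback
    this.nextId = 1;
  }

  // Register a job and the callback to run when it ends.
  start(onDone) {
    if (this.callbacks.size >= this.maxActive) {
      throw new Error('too many active jobs');
    }
    const id = this.nextId++;
    this.callbacks.set(id, onDone);
    return id;
  }

  // Deliver the final status. The entry must be released for every status
  // (completed, failed, cancelled), even if the callback itself throws.
  finish(id, status) {
    const cb = this.callbacks.get(id);
    if (!cb) return false;
    try {
      cb(status);
    } finally {
      if (this.clearOnFinish) this.callbacks.delete(id);
    }
    return true;
  }
}

// Run `jobs` jobs to completion and report how many callbacks stay in memory.
function retainedAfter(registry, jobs) {
  for (let i = 0; i < jobs; i++) {
    const id = registry.start(() => {});
    registry.finish(id, i % 2 ? 'completed' : 'failed');
  }
  return registry.callbacks.size;
}

console.log('leaky:', retainedAfter(new JobRegistry({ clearOnFinish: false }), 1000));
console.log('fixed:', retainedAfter(new JobRegistry({ clearOnFinish: true, maxActive: 10 }), 1000));
```

In the leaky configuration the retained count grows with every request that starts a job, so the size of this map is the value to watch in a regression test or a memory metric.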
Packages
Name: apostrophe (npm)
Affected versions: < 2.97.1
Fixed version: 2.97.1
Weaknesses
CWE-400