Описание
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.31.1 (исключая)
cpe:2.3:a:tendermint:tendermint:*:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00271
Низкий
7.5 High
CVSS3
Дефекты
CWE-400
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 3 лет назад
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
CVSS3: 7.5
debian
около 3 лет назад
Due to support of Gzip compression in request bodies, as well as a lac ...
CVSS3: 7.5
github
около 3 лет назад
Tendermint Client package vulnerable to Uncontrolled Resource Consumption
EPSS
Процентиль: 50%
0.00271
Низкий
7.5 High
CVSS3
Дефекты
CWE-400