Описание
Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (/signalk/v1/access/requests). This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue.
Ссылки
- Release Notes
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.19.0 (исключая)
cpe:2.3:a:signalk:signal_k_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00107
Низкий
7.5 High
CVSS3
Дефекты
CWE-400
Связанные уязвимости
CVSS3: 7.5
github
около 1 месяца назад
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
EPSS
Процентиль: 29%
0.00107
Низкий
7.5 High
CVSS3
Дефекты
CWE-400