Description
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
An uncontrolled resource consumption vulnerability was found in engine.io. If an attacker crafts a packet with a very large payload length, or crafts many small packets, engine.io can be made to consume an ever-increasing amount of memory and/or CPU, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Statement
Red Hat Quay uses engine.io as a dependency of karma. Karma and therefore engine.io are only used at build time, and not during runtime, making this vulnerability low impact for Red Hat Quay.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Quay 3 | quay/quay-builder-qemu-rhcos-rhel8 | Fix deferred | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Fix deferred | | |
Additional information
EPSS:
CVSS3: 7.5 High