Description
The package org.eclipse.milo:sdk-server before 0.6.8 is vulnerable to Denial of Service (DoS): the limitations on excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
A flaw was found in the Eclipse Milo SDK Server. By sending specific requests, an attacker can consume the application's memory, leading to a denial of service.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | org.eclipse.milo-sdk-serve | Will not fix | ||
| Red Hat Integration Camel K 1 | org.eclipse.milo-sdk-server | Not affected | ||
| Red Hat Integration Camel Quarkus 1 | org.eclipse.milo-sdk-server | Not affected | ||
| RHINT Camel-Springboot 3.18.3 | org.eclipse.milo-sdk-server | Fixed | RHSA-2022:8902 | 08.12.2022 |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
The package org.eclipse.milo:sdk-server before 0.6.8 is vulnerable to Denial of Service (DoS): the limitations on excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)
7.5 High
CVSS3