Описание
A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API.
Отчет
The REST endpoint is secured (= authentication is required) by default in RHDG, so it is not possible for an anonymous attacker to utilize this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Data Grid 8 | infinispan | Affected | ||
| Red Hat JBoss Data Grid 7 | infinispan | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-401
https://bugzilla.redhat.com/show_bug.cgi?id=2298555infinispan: infinispan: REST compare API has buffer leak
EPSS
Процентиль: 28%
0.001
Низкий
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
9 месяцев назад
A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API.
CVSS3: 6.5
github
9 месяцев назад
Infinispan Potential Out of Memory Error via REST Compare API Buffer API
EPSS
Процентиль: 28%
0.001
Низкий
6.5 Medium
CVSS3