Количество 3
Количество 3
CVE-2025-53634
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. Patch has been implemented by commit 1385bd8 and shipped in v0.1.4.
GHSA-ggmv-j932-q89q
Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout
BDU:2026-00128
Уязвимость программного обеспечения Chall-Manager, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-53634 Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. Patch has been implemented by commit 1385bd8 and shipped in v0.1.4. | CVSS3: 7.5 | 0% Низкий | 7 месяцев назад |
| GHSA-ggmv-j932-q89q Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout | CVSS3: 7.5 | 0% Низкий | 7 месяцев назад |
 | BDU:2026-00128 Уязвимость программного обеспечения Chall-Manager, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 7 месяцев назад |
Уязвимостей на страницу