GHSA-5pf6-cq2v-23ww: WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service

December 19, 2024 (updated December 20, 2024)

A Denial of Service (DoS) vulnerability in the authentication middleware allows any client to cause memory exhaustion by sending large request bodies. The server reads the entire request body into memory without size limits, creating multiple copies during processing, which can lead to Out of Memory conditions.

Affects all versions up to the latest one (v0.43.0).

References

github.com/advisories/GHSA-5pf6-cq2v-23ww
github.com/clidey/whodb
github.com/clidey/whodb/commit/e8b608d35422e1a2bfffe8ed26f0211ea80cb439
github.com/clidey/whodb/security/advisories/GHSA-5pf6-cq2v-23ww

Code Behaviors & Features

Detect and mitigate GHSA-5pf6-cq2v-23ww with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →