GMS-2019-14: Buffer Overflow in centra

September 30, 2019 (updated September 20, 2021)

Denial of Service

Impact

Affected Centra versions will, when not in stream mode, buffer responses to requests into memory with no size limit. This issue affects anyone requesting content from untrusted sources.

Patches

resolves the issue by limiting the size of buffered response body.

Workarounds

Attempting workarounds isn’t recommended. Updating is preferred.

For more information

If you have any questions or comments about this advisory, open an issue in ethanent/centra.

References

github.com/advisories/GHSA-v6cj-r88p-92rm
github.com/ethanent/centra/security/advisories/GHSA-v6cj-r88p-92rm
snyk.io/vuln/SNYK-JS-CENTRA-536073

Code Behaviors & Features

Detect and mitigate GMS-2019-14 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →