Lucene search

GitHub Advisory DatabaseGHSA-39MJ-FPG2-3JRG

HistoryMay 24, 2022 - 5:44 p.m.

StackStorm st2 Infinite Loop Condition

2022-05-2417:44:46

CWE-835

GitHub Advisory Database

github.com

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

JSON

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).

Affected configurations

Vulners

Node

st2clientRange<3.4.1

CPENameOperatorVersion
st2clientlt3.4.1

CPE	Name	Operator	Version
	st2client	lt	3.4.1

References

github.com/advisories/GHSA-39mj-fpg2-3jrg

nvd.nist.gov/vuln/detail/CVE-2021-28667

stackstorm.com/2021/03/10/stackstorm-v3-4-1-security-fix/

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

JSON

Related for GHSA-39MJ-FPG2-3JRG