Veracode Vulnerability DatabaseVERACODE:47624Denial Of Service (DoS)
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.8%
github.com/stacklok/minder is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of input validation within the Clone() method when handling Git URLs provided by Minder users. The vulnerability allows Minder users to clone large repositories without enforcing size limits, leading to memory exhaustion and server crashes.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/stacklok/minder | le | v0.0.51 | |
| github.com/stacklok/minder | le | v0.0.51 |
References
github.com/advisories/GHSA-hpcg-xjq5-g666
github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L55-L89
github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L56-L62
github.com/stacklok/minder/commit/35bab8f9a6025eea9e6e3cef6bd80707ac03d2a9
github.com/stacklok/minder/commit/7979b43
github.com/stacklok/minder/security/advisories/GHSA-hpcg-xjq5-g666
Related
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.8%