UNKNOWN npm
Denial of Service in apostrophe
GHSA-pv6r-vchh-cxg9
Published · Modified
Description
Versions of apostrophe prior to 2.97.1 are vulnerable to Denial of Service. The apostrophe-jobs module sets a callback for incoming jobs and never clears it, regardless of the job's status. The server therefore accumulates callbacks, which allows an attacker to exhaust system memory by starting a large number of jobs.
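The retention pattern described above, as an added example that is not apostrophe's own code and not the 2.97.1 patch: a constructed job registry that keeps every callback, beside one that releases the callback when the job ends. The class and method names are hypothetical, and the pending-job cap is an extra safeguard assumed here, not something the advisory mentions.

```javascript
// Constructed model of the pattern; class and method names are hypothetical.
class LeakyJobs {
  constructor() {
    this.callbacks = new Map(); // jobId -> callback
    this.nextId = 0;
  }
  start(callback) {
    const id = ++this.nextId;
    this.callbacks.set(id, callback);
    return id;
  }
  // Called when a job ends, with err set on failure.
  finish(id, err, result) {
    const cb = this.callbacks.get(id);
    if (cb) cb(err, result); // entry is never deleted, whatever the status
  }
}

class BoundedJobs extends LeakyJobs {
  constructor(maxPending = 100) {
    super();
    this.maxPending = maxPending; // assumed cap, not from the advisory
  }
  start(callback) {
    // Refuse new work instead of growing without limit.
    if (this.callbacks.size >= this.maxPending) {
      throw new Error('too many pending jobs');
    }
    return super.start(callback);
  }
  finish(id, err, result) {
    const cb = this.callbacks.get(id);
    this.callbacks.delete(id); // release on success and on failure alike
    if (cb) cb(err, result);
  }
}

// Start and finish n jobs one after another (every third fails, as a
// constructed workload) and return how many callbacks are still retained.
function retainedAfter(jobs, n) {
  for (let i = 0; i < n; i++) {
    const id = jobs.start(() => {});
    jobs.finish(id, i % 3 === 0 ? new Error('job failed') : null, i);
  }
  return jobs.callbacks.size;
}

console.log('leaky  :', retainedAfter(new LeakyJobs(), 1000));
console.log('bounded:', retainedAfter(new BoundedJobs(), 1000));
```

Tracking the size of such a table as a metric makes this kind of growth visible long before memory runs out.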
Recommendation
Upgrade to version 2.97.1 or later.