漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Potential DoS in Besu HTTP JSON-RPC API
Vulnerability Description
Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prior to making any requests to an API endpoint the requestor must use the login endpoint to obtain a JSON web token (JWT) using their credentials. A single user can readily overload the login endpoint with invalid requests (incorrect password). As the supplied password is checked for validity on the main vertx event loop and takes a relatively long time this can cause the processing of other valid requests to fail. A valid username is required for this vulnerability to be exposed. This has been fixed in version 1.5.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Matkt Hyperledger Besu 资源管理错误漏洞
Vulnerability Description
Matkt Hyperledger Besu是 (Matkt)开源的一个应用程序。用于运行,维护,调试和监视以太坊网络中的节点。 Hyperledger Besu 存在安全漏洞,该漏洞源于单个用户很容易用无效的请求(不正确的密码)重载登录端点。
CVSS Information
N/A
Vulnerability Type
N/A