Vulnerability Information
Vulnerability Title
Potential DoS in Besu HTTP JSON-RPC API
Vulnerability Description
Hyperledger Besu is an open-source, MainNet-compatible Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then before making any request to an API endpoint the requestor must use the login endpoint to obtain a JSON Web Token (JWT) with their credentials. A single user can readily overload the login endpoint with invalid requests (incorrect password). Because the supplied password is checked for validity on the main Vert.x event loop, and that check takes a relatively long time, the processing of other valid requests can fail. A valid username is required for this vulnerability to be exposed. This has been fixed in version 1.5.1.
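The effect described above can be reproduced with the JDK alone. The following is an added example, not Besu's code or its fix: a single-thread executor stands in for the event loop, PBKDF2 stands in for the slow password check, and the class and method names are hypothetical. It measures how long an unrelated request waits behind a burst of failed logins when the check runs on the loop versus on a bounded worker pool.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.concurrent.*;
import java.util.function.Supplier;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class EventLoopLoginDemo {
    static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);

    // Deliberately slow password hash (PBKDF2 as a stand-in; an assumption of this demo).
    static byte[] hash(String password) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), SALT, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Returns how long an unrelated request waits behind `attempts` failed logins.
    static long unrelatedRequestDelayMs(boolean offload, int attempts) throws Exception {
        ExecutorService eventLoop = Executors.newSingleThreadExecutor(); // models the one event-loop thread
        ExecutorService workers = Executors.newFixedThreadPool(4);       // bounded pool for blocking work
        byte[] stored = hash("correct-password");
        Supplier<Boolean> check = () -> MessageDigest.isEqual(stored, hash("wrong-password"));
        for (int i = 0; i < attempts; i++) {
            if (offload) {
                // Hardened: hash on a worker; only the cheap reply runs on the loop.
                CompletableFuture.supplyAsync(check, workers).thenAcceptAsync(ok -> { }, eventLoop);
            } else {
                // Vulnerable pattern: the slow check occupies the event-loop thread.
                eventLoop.execute(() -> check.get());
            }
        }
        long start = System.nanoTime();
        eventLoop.submit(() -> { }).get(); // the unrelated request: trivial, but queued on the loop
        long waitedMs = (System.nanoTime() - start) / 1_000_000;
        workers.shutdown();
        workers.awaitTermination(1, TimeUnit.MINUTES); // let worker results reach the loop first
        eventLoop.shutdown();
        return waitedMs;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("check on event loop: " + unrelatedRequestDelayMs(false, 20) + " ms");
        System.out.println("check on workers:    " + unrelatedRequestDelayMs(true, 20) + " ms");
    }
}
```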
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
Matkt Hyperledger Besu Resource Management Error Vulnerability
Vulnerability Description
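Matkt Hyperledger Besu is an open-source application from (Matkt). It is used to run, maintain, debug and monitor nodes in an Ethereum network. Hyperledger Besu has a security vulnerability that arises because a single user can easily overload the login endpoint with invalid requests (incorrect passwords).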
CVSS Information
N/A
Vulnerability Type
N/A