Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Vulnerability Description
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Pterodactyl 资源管理错误漏洞
Vulnerability Description
Pterodactyl是一款使用PHP、Nodejs和Go构建的开源游戏服务器管理面板。 Pterodactyl 1.4.4之前的所有版本存在安全漏洞,该漏洞源于定义了不恰当的容器进程限制。恶意用户可能会消耗比预期更多的资源,并对同一硬件上的其他客户机造成下行影响,最终导致物理服务器停止响应。
CVSS Information
N/A
Vulnerability Type
N/A