Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CKAN out of memory error when submitting the dataset form with a specially-crafted field
Vulnerability Description
CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker need to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
长度参数不一致性处理不恰当
Vulnerability Title
CKAN 安全漏洞
Vulnerability Description
CKAN是一个开源 Dms(数据管理系统)。用于为数据中心和数据门户提供动力。 CKAN存在安全漏洞,该漏洞源于攻击者可以在托管服务器中创建内存不足错误。
CVSS Information
N/A
Vulnerability Type
N/A