漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
Vulnerability Description
Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Signal K Server 安全漏洞
Vulnerability Description
Signal K Server是Signal K开源的一个船用中央服务器。 Signal K Server 2.19.0之前版本存在安全漏洞,该漏洞源于未经验证的攻击者可通过访问请求端点泛洪攻击导致服务器崩溃,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A