Vulnerability Information
Vulnerability Title
zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service
Vulnerability Description
zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{id}`). A high-traffic entity can exceed DynamoDB's per-partition throughput limits (~1,000 WCU/sec), causing throttling that degrades service for that entity — and potentially co-located entities in the same partition. Version 0.10.1 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Allocation of Resources Without Limits or Throttling
Vulnerability Title
zae-limiter Security Vulnerability
Vulnerability Description
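zae-limiter is an open-source rate limiting library from ZeroAE. Versions of zae-limiter prior to 0.10.1 contain a security vulnerability. It stems from all rate limit buckets for a single entity sharing the same DynamoDB partition key, which can cause a high-traffic entity to exceed DynamoDB's per-partition throughput limits, triggering throttling and degrading service performance for that entity and for other entities co-located in the same partition.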
CVSS Information
N/A
Vulnerability Type
N/A