Vulnerability Information
Vulnerability Title
OliveTin: Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint
Vulnerability Description
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By issuing multiple parallel requests, an attacker can exhaust available container memory, leading to service degradation or complete denial of service (DoS). The issue occurs because the endpoint performs computationally and memory-intensive hashing operations without request throttling, authentication requirements, or resource limits. This issue has been patched in version 3000.10.2.
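The description attributes the issue to memory-intensive hashing with no throttling or resource limits. As an added example (not OliveTin's code and not the 3000.10.2 patch), the Go handler below caps concurrent hashes with a counting semaphore and refuses excess requests with HTTP 429; `expensiveHash`, the `/hash` route, and the numeric limits are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"io"
	"log"
	"net/http"
)

const (
	maxConcurrentHashes = 4       // assumed cap; size it to the container memory limit
	maxBodyBytes        = 1 << 10 // assumed upper bound on password length
)

// expensiveHash is a stand-in for a memory-hard password hash (not OliveTin's).
func expensiveHash(pw []byte) string {
	buf := make([]byte, 16<<20) // assumed 16 MiB working set per call
	sum := sha256.Sum256(pw)
	for i := 0; i < len(buf); i += sha256.Size {
		copy(buf[i:], sum[:])
		sum = sha256.Sum256(buf[i : i+sha256.Size])
	}
	return hex.EncodeToString(sum[:])
}

// passwordHashHandler reads the size-capped body first, so a slow client holds no
// slot, then sheds load with 429 once cap(slots) hashes are already in flight.
func passwordHashHandler(slots chan struct{}) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		pw, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBodyBytes))
		if err != nil {
			http.Error(w, "password too large", http.StatusRequestEntityTooLarge)
			return
		}
		select {
		case slots <- struct{}{}: // slot acquired; released when the handler returns
			defer func() { <-slots }()
		default: // saturated: refuse instead of allocating more memory
			http.Error(w, "hashing capacity exhausted", http.StatusTooManyRequests)
			return
		}
		io.WriteString(w, expensiveHash(pw))
	}
}

func main() {
	http.Handle("/hash", passwordHashHandler(make(chan struct{}, maxConcurrentHashes)))
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

With this shape, peak hashing memory is bounded by roughly the semaphore capacity times the per-call working set, regardless of how many requests arrive in parallel.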
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Allocation of Resources Without Limits or Throttling
Vulnerability Title
OliveTin Security Vulnerability
Vulnerability Description
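OliveTin is an open-source web application from OliveTin. A security vulnerability exists in OliveTin versions prior to 3000.10.2. The vulnerability stems from the PasswordHash API endpoint allowing unauthenticated users to trigger excessive memory allocation, which may lead to denial of service.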
CVSS Information
N/A
Vulnerability Type
N/A