Uncontrolled Resource Consumption Affecting github.com/stacklok/minder/internal/engine/ingester/rest package, versions <0.0.49


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.04% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Uncontrolled Resource Consumption vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-GOLANG-GITHUBCOMSTACKLOKMINDERINTERNALENGINEINGESTERREST-6861682
  • published17 May 2024
  • disclosed16 May 2024
  • creditAdamKorcz

Introduced: 16 May 2024

CVE-2024-35185  (opens in a new tab)
CWE-400  (opens in a new tab)

How to fix?

Upgrade github.com/stacklok/minder/internal/engine/ingester/rest to version 0.0.49 or higher.

Overview

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption via the REST ingester process. An attacker can cause a denial of service by sending requests to remote REST endpoints that return responses with large bodies, which can drain memory and crash the server.

References

CVSS Base Scores

version 3.1