octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Published to the GitHub Advisory Database: May 13, 2024
Reviewed: May 13, 2024
Published by the National Vulnerability Database: May 14, 2024
Last updated: Jul 5, 2024
Description
Impact
This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service.
Patches
This vulnerability existed in the repository at HEAD; we will cut a 0.1.0 release with the fix.
Workarounds
None
References
None