CVE-2023-37279
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-37279
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37279.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-37279
- Aliases
- Related
- Published
- 2023-09-20T22:15:13Z
- Modified
- 2025-01-14T11:49:15.155509Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param
days. The vulnerability is related to how the backend reads thedaysURL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue. - References
Affected packages
Git / github.com/contribsys/faktory
Affected ranges
- Type
- GIT
- Repo
- https://github.com/contribsys/faktory
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.6.0-1
v0.6.1-1
v0.7.0-1
v0.8.0-1
v0.9.0-1
v0.9.1-1
v0.9.2-1
v0.9.3-1
v0.9.4-1
v0.9.5-1
v0.9.6-1
v0.9.7-1
v1.*
v1.0.0-1
v1.0.1-1
v1.1.0-1
v1.1.0-2
v1.2.0-1
v1.3.0-1
v1.4.0-1
v1.4.1-1
v1.4.2-1
v1.5.0
v1.5.0-1
v1.5.1
v1.5.1-1
v1.5.2
v1.5.2-1
v1.5.3
v1.5.4
v1.5.5
v1.6.0
v1.6.1
v1.6.2
v1.7.0