CVE-2025-27100
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-27100
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27100.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-27100
- Aliases
- Published
- 2025-02-21T00:15:09Z
- Modified
- 2025-03-03T19:42:03.187966Z
- Summary
- [none]
- Details
-
lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versions 1.49.1 and below are affected. Users are advised to upgrade. Users unable to upgrade should either set the environment variable
LAKEFS_BLOCKSTORE_S3_DISABLE_PRE_SIGNED_MULTIPARTtotrueor configure thedisable_pre_signed_multipartkey to true in their config yaml. - References
Affected packages
Git / github.com/treeverse/lakefs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/treeverse/lakefs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.81.0
0.81.1
1.*
1.48.1
Other
ci/binary_without_archive
list
ls
hadoop-lakefs-0.*
hadoop-lakefs-0.1.11
hadoop-lakefs-0.1.12
hadoop-lakefs-0.1.14
hadoop-lakefs-0.1.15
hadoop-lakefs-0.2.0
hadoop-lakefs-0.2.1
lakefs-rclone-export-0.*
lakefs-rclone-export-0.3.0
lakefs-rclone-export-0.3.1
lakefs-spark-client-0.*
lakefs-spark-client-0.10.0
lakefs-spark-client-0.11.0
lakefs-spark-client-0.14.0
lakefs-spark-client-0.2.2
lakefs-spark-client-0.3.0
lakefs-spark-client-0.4.0
lakefs-spark-client-0.5.0
lakefs-spark-client-0.5.1
lakefs-spark-client-0.5.2
lakefs-spark-client-0.6.0
lakefs-spark-client-0.6.2
lakefs-spark-client-0.6.3
lakefs-spark-client-0.6.4
lakefs-spark-client-0.6.5
lakefs-spark-client-0.7.2
lakefs-spark-client-0.7.3
lakefs-spark-client-0.8.0
lakefs-spark-client-0.8.1
lakefs-spark-client-0.9.0
lakefs-spark-client-0.9.1
v0.*
v0.10.0
v0.10.1
v0.10.2
v0.100.0
v0.101.0
v0.101.1
v0.102.0
v0.102.1
v0.102.2
v0.103.0
v0.104.0
v0.105.0
v0.106.0
v0.106.1
v0.106.2
v0.107.0
v0.107.1
v0.108.0
v0.109.0
v0.11.0
v0.11.1
v0.110.0
v0.111.0
v0.111.1
v0.111.2-RC.0
v0.112.0
v0.112.1
v0.113.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.16.1
v0.16.2
v0.17.0
v0.18.0
v0.19.0
v0.20.0
v0.20.1
v0.21.0
v0.21.1
v0.21.2
v0.21.3
v0.21.4
v0.22.0
v0.22.1
v0.23.0
v0.23.1
v0.30.0
v0.31.0
v0.31.1
v0.31.2
v0.32.0
v0.32.1
v0.33.0
v0.33.1
v0.40.0
v0.40.1
v0.40.2
v0.40.3
v0.41.0
v0.41.1
v0.42.0
v0.43.0
v0.44.0
v0.44.1
v0.45.0
v0.45.1
v0.46.0
v0.47.0
v0.48.0
v0.48.1
v0.49
v0.49.0
v0.50.0
v0.51.0
v0.52.0
v0.52.1
v0.52.2
v0.53.0
v0.53.1
v0.54.0
v0.55.0
v0.56.0
v0.57.0
v0.57.1
v0.57.2
v0.58.0
v0.58.1
v0.59.0
v0.60.0
v0.60.1
v0.61.0
v0.62.0
v0.63.0
v0.64.0
v0.65.0
v0.66.0
v0.67.0
v0.68.0
v0.69.0
v0.69.1
v0.70.0
v0.70.1
v0.70.2
v0.70.3
v0.70.4
v0.70.5
v0.70.6
v0.8.1
v0.8.2
v0.80.0
v0.80.1
v0.82.0
v0.83.0
v0.83.2
v0.83.3
v0.83.4
v0.84.0
v0.85.0
v0.86.0
v0.87.0
v0.87.1
v0.88.0
v0.89.0
v0.9.0
v0.90.0
v0.90.1
v0.91.0
v0.92.0
v0.93.0
v0.93.0-RC.0
v0.94.0
v0.94.1
v0.95.0
v0.96.0
v0.96.1
v0.97.0
v0.97.1
v0.97.2
v0.97.3
v0.97.4
v0.97.5
v0.98.0
v0.99.0
v0.99.1
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.11.1
v1.12.0
v1.12.1
v1.13.0
v1.14.0
v1.14.1
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.26.1
v1.27.0
v1.28.0
v1.28.1
v1.28.2
v1.29.0
v1.3.0
v1.3.1
v1.30.0
v1.30.1
v1.31.0
v1.31.1
v1.32.0
v1.32.1
v1.33.0
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.39.1
v1.39.1-test
v1.39.2
v1.4.0
v1.40.0
v1.41.0
v1.42.0
v1.43.0
v1.44.0
v1.45.0
v1.46.0
v1.47.0
v1.48.0
v1.48.1
v1.48.2
v1.49.0
v1.49.1
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v1.9.1