rdiffweb prior to 2.4.8 is vulnerable to a potential Dos attack via an unlimited length "title" field when adding an SSH key. This can result in excess memory consumption, leading to a Denial of Service (DoS). This issue is patched in version 2.4.8. There are no known workarounds.