Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to `HandleGithubWebhook` to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-07T14:12:19.954Z
Updated: 2024-08-02T02:42:59.894Z
Reserved: 2024-04-30T06:56:33.385Z
Link: CVE-2024-34084
Vulnrichment
Updated: 2024-08-02T02:42:59.894Z
NVD
Status : Awaiting Analysis
Published: 2024-05-07T15:15:09.540
Modified: 2024-05-07T20:07:58.737
Link: CVE-2024-34084
Redhat
No data.