CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker need to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-13T20:47:12.784Z
Updated: 2024-08-02T22:09:50.003Z
Reserved: 2023-12-05T20:42:59.377Z
Link: CVE-2023-50248
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-13T21:15:08.660
Modified: 2024-11-21T08:36:44.680
Link: CVE-2023-50248
Redhat
No data.