CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, an attacker who submits a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field can cause an out-of-memory error in the hosting server. To trigger this error, the attacker needs to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-13T20:47:12.784Z

Updated: 2024-08-02T22:09:50.003Z

Reserved: 2023-12-05T20:42:59.377Z

Link: CVE-2023-50248


NVD

Status: Modified

Published: 2023-12-13T21:15:08.660

Modified: 2024-11-21T08:36:44.680

Link: CVE-2023-50248
