CVE-2021-28667 – st2client

Package

Manager: pip
Name: st2client
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: N/A

EPSS: 0.00552 pctl0.67044

Details

StackStorm st2 Infinite Loop Condition StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).

Metadata

Created: 2022-05-24T17:44:46Z
Modified: 2023-08-07T20:56:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-39mj-fpg2-3jrg/GHSA-39mj-fpg2-3jrg.json
CWE IDs: ["CWE-835"]
Alternative ID: GHSA-39mj-fpg2-3jrg
Finding: N/A
Auto approve: 0