Asymmetric denial of service in atomys.codes/stud42
Description
Stud42 vulnerable to denial of service

A security vulnerability has been identified in the GraphQL parser used by the API of s42.app. An attacker can overload the parser and cause the API pod to crash. With a bit of threading, the attacker can bring down the entire API, resulting in an unhealthy stream. The vulnerability is exploited by sending a specially crafted request with a large payload to the API.

Exploitation causes a denial of service (DoS) on the s42.app API, making it unavailable to legitimate users.
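One way to keep large payloads away from a GraphQL parser is to cap the request body in front of the handler. The following is an added example, not the stud42 patch or code from the project; the 64 KiB limit, `LimitBody`, `gqlRequest` and `graphqlStub` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
)

// maxBodyBytes is an assumed limit; size it to the largest legitimate query.
const maxBodyBytes = 64 << 10

// gqlRequest is the usual GraphQL-over-HTTP JSON envelope (query field only).
type gqlRequest struct {
	Query string `json:"query"`
}

// LimitBody rejects oversized requests before the body reaches the parser.
func LimitBody(limit int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.ContentLength > limit { // cheap check on the declared size
			http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
			return
		}
		// Enforces the cap on chunked or mis-declared bodies as well.
		r.Body = http.MaxBytesReader(w, r.Body, limit)
		next.ServeHTTP(w, r)
	})
}

// graphqlStub is a hypothetical stand-in for the real GraphQL handler.
func graphqlStub(w http.ResponseWriter, r *http.Request) {
	var req gqlRequest
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) { // cap hit while streaming the body
			http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, `{"accepted_query_bytes":%d}`, len(req.Query))
}

func main() {
	http.Handle("/graphql", LimitBody(maxBodyBytes, http.HandlerFunc(graphqlStub)))
	_ = http.ListenAndServe("127.0.0.1:8080", nil)
}
```

A body cap bounds only the input size; limits on query depth and complexity inside the GraphQL layer are a separate control.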
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| go | 0.23.0 |