Description

Endpoints allow more content to be added to the body than is usually allowed by the endpoint, thus making it possible to send massive amounts of characters and expand attack vectors.

Impact

Send massive information in the request body.

Recommendation

Validate on the server side that user entries comply with a character limit.

Threat

Authorized attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

Fixes