Vulnerability against DoS attack via labels

2007-07-23T11:45:54
ID ATLASSIAN:CONF-8978
Type atlassian
Reporter felho
Modified 2017-02-17T05:35:48

Description

Description: When you give more labels to a content, then Confluence split up the user input on spaces, and then make az SQL query against each word (or something like this).

Exploit: Giving x thousand characters (depends on the machine) separated by space as label results the system is breaking down.