Lucene search
CVE-2024-35238
Minder software prior to version 0.0.51 allows a DoS attack by crashing the server when fetching large responses from untrusted sources
Show more
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | GHSA-8FMJ-33GW-G7PW Denial of service of Minder Server from maliciously crafted GitHub attestations | 28 May 202416:55 | – | osv |
| CVE-2024-35238 | 27 May 202418:15 | – | osv |
| GO-2024-2885 Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder | 5 Jun 202415:10 | – | osv |
 | CVE-2024-35238 | 27 May 202418:15 | – | nvd |
 | CVE-2024-35238 Denial of service of Minder Server from maliciously crafted GitHub attestations | 27 May 202417:12 | – | cvelist |
 | CVE-2024-35238 Denial of service of Minder Server from maliciously crafted GitHub attestations | 27 May 202417:12 | – | vulnrichment |
 | Denial Of Service (DoS) | 29 May 202405:36 | – | veracode |
 | Denial of service of Minder Server from maliciously crafted GitHub attestations | 28 May 202416:55 | – | github |
[
{
"vendor": "stacklok",
"product": "minder",
"versions": [
{
"version": "< 0.0.51",
"status": "affected"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| $owner | path | orgs/$owner/attestations/$checksumref | Minder is vulnerable to DoS due to untrusted large response handling from the GitHub attestations endpoint. | CWE-770 |
| $checksumref | path | orgs/$owner/attestations/$checksumref | Minder is vulnerable to DoS due to untrusted large response handling from the GitHub attestations endpoint. | CWE-770 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo27 May 2024 18:15Current
5.3Medium risk
Vulners AI Score5.3
CVSS35.3
EPSS0.00279
SSVC