There must be a fixed length for user input parameters like root directory name. Allowing users to enter long strings may result in a DOS attack or memory corruption
1)Go to https://rdiffweb-demo.ikus-soft.com/admin/users endpoint .
2)Click on add user
3)Here you will see that there is no limit for the root directory name length that allows a user to to set a very long string as long as 1 million characters
4)This may possible result in a memory corruption/DOS attack
Mitigation: There must be a fixed length for the root directory name - upto 256 characters