7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
46.5%
A denial of services (DoS) vulnerability was discovered in Wrangler Git package affecting versions up to and including v1.0.0
.
Specially crafted Git credentials can result in a denial of service (DoS) attack on an application that uses Wrangler due to the exhaustion of the available memory and CPU resources. This is caused by a lack of input validation of Git credentials before they are used, which may lead to a denial of service in some cases. This issue can be triggered when accessing both private and public Git repositories.
A workaround is to sanitize input passed to the Git package to remove potential unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched Wrangler version.
Patched versions include v1.0.1
and later and the backported tags - v0.7.4-security1
, v0.8.5-security1
and v0.8.11
.
If you have any questions or comments about this advisory:
bugzilla.suse.com/show_bug.cgi?id=1205296
github.com/advisories/GHSA-8fcj-gf77-47mg
github.com/rancher/rancher/security/policy
github.com/rancher/wrangler
github.com/rancher/wrangler/commit/341018c8fef3e12867c7cb2649bd2cecac75f287
github.com/rancher/wrangler/security/advisories/GHSA-8fcj-gf77-47mg
nvd.nist.gov/vuln/detail/CVE-2022-43756
pkg.go.dev/vuln/GO-2023-1515