Server: Resource Exthaustion when sanitizing filenames

ID OC-SA-2015-007
Type owncloud
Reporter ownCloud
Modified 2015-06-24T16:10:59


The sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints.

Effectively this lead to a endless loop filling the log file until the system is not anymore responsive.

For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0