2 matches found
Allocation of Resources Without Limits or Throttling
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Out of the box, a handler wrapper adds the labels http.useragent and http.method, which have unbounded cardinality. This can lead to memory exhaustion on the server when many malicious requests are sent to it. HTTP...
in janeczku/calibre-web
✍️ Description The attribute name is not properly restricted, so a user can change his username even when the view does not allow changing it. 🕵️ Proof of Concept // The method changeprofile also saves the name if it is present in the request. It does not check if the user has the permission to...