Lucene search
K

4 matches found

Veracode
Veracode
added 2023/12/18 11:45 a.m.21 views

Denial Of Service (DoS)

@octokit/webhooks is vulnerable to Denial Of Service DoS. The vulnerability is caused by a lack of exception handling in the verifyAndReceive method within src/verify-and-receive.ts. This method internally calls another method verify which throws an exception which remains unhandled. This uncaugh...

7.5CVSS6.7AI score0.00731EPSS
Exploits0References17Affected Software1
OSV
OSV
added 2023/12/16 12:52 a.m.1 views

GHSA-PWFR-8PQ7-X9QV Unauthenticated Denial of Service in the octokit/webhooks library

Impact Versions v9.26.0, v10.9.x, v11.1.x, v12.0.x all contained the code that would throw the error. Specifically, during a pentest we encountered a bug in the octokit/webhooks library a dependency of Probot, a framework for building Github Apps. The resulting request was found to cause an...

8.2CVSS7.1AI score0.00731EPSS
Exploits0References10
Cvelist
Cvelist
added 2023/12/15 9:59 p.m.42 views

CVE-2023-50728 Unauthenticated Denial of Service in the octokit/webhooks library

octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request w...

5.4CVSS7.6AI score0.00731EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.5 views

PT-2023-31626 · Github · Octokit/Webhooks +1

Name of the Vulnerable Software and Affected Versions: octokit/webhooks versions 9.26.0 through 9.26.2 octokit/webhooks versions 10.9.0 through 10.9.1 octokit/webhooks versions 11.1.0 through 11.1.1 octokit/webhooks versions 12.0.0 through 12.0.3 Description: The issue is caused by a problem with...

8.2CVSS7.3AI score0.00731EPSS
Exploits0References13
Rows per page
Query Builder