GHSA-CPF9-PH2J-CCR9 zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...