18 matches found
GO-2024-2934 Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder
Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder...
GO-2024-2885 Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder
Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder...
GO-2024-2701 Minder GetRepositoryByName data leak in github.com/stacklok/minder
Minder GetRepositoryByName data leak in github.com/stacklok/minder...
Denial Of Service (DoS)
github.com/stacklok/minder is vulnerable to a Denial of Service (DoS). The vulnerability is due to the sigstore verifier reading an untrusted response entirely into memory without enforcing a limit on the response body. The vulnerability allows an attacker to crash the Minder server and deny other...
CVE-2024-35238 Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
CVE-2024-35238
Summary: Minder by Stacklok (pre-0.0.51) is vulnerable to a DoS caused by the sigstore verifier reading an untrusted response without a size limit. An attacker can cause Minder to fetch attestations from a user-controlled GitHub endpoint (orgs/$owner/attestations/$checksumref) and feed a large re...
Denial Of Service (DoS)
github.com/stacklok/minder is vulnerable to Denial of Service (DoS). The vulnerability is due to the engine's lack of template size limits, which allows an attacker to execute a Denial of Service (DoS) attack by submitting maliciously crafted large templates...
CVE-2024-35194 Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs,...
GHSA-CRGC-2583-RW27 Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs, messages for pull requests, descriptions for advisories. In some cases can the...
GO-2024-2821 Denial of Service from untrusted requests in github.com/stacklok/minder
HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. An untrusted request can cause the server to allocate large amounts of memory resulting in a denial of service...
CVE-2024-31455
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit 5c381cf added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parentheses, and would...
CVE-2024-31455
Minder by Stacklok (github.com/stacklok/minder) has a SQL query bug introduced by commit 5c381cf: the absence of parentheses caused the GetRepositoryByName flow to select a random repository when registering GitHub repos to a project. The issue is patched in PR 2941. Workarounds: revert before 5c...
CVE-2024-31455 Minder GetRepositoryByName data leak
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit 5c381cf added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parentheses, and would...
Stacklok Minder security vulnerability
Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in Stacklok Minder version 5c381cf that stems from a data leak in GetRepositoryByName...