CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score: 6.7 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 43.6%)
@octokit/webhooks is vulnerable to denial of service (DoS). The vulnerability is caused by a lack of exception handling in the verifyAndReceive method in src/verify-and-receive.ts. This method internally calls another method, verify, which throws an exception that remains unhandled. This uncaught exception terminates the running Node.js process, resulting in denial of service (DoS).
github.com/advisories/GHSA-pwfr-8pq7-x9qv
github.com/octokit/app.js/releases/tag/v14.0.2
github.com/octokit/octokit.js/releases/tag/v3.1.2
github.com/octokit/webhooks.js/commit/0504ad8eeb39338aca33b6a31fe6be77f748c8e1
github.com/octokit/webhooks.js/commit/26184386d4a1022ea923c28b8869cf397da07b85
github.com/octokit/webhooks.js/commit/449b15967762bc18f722e649102ffc91e26f364e
github.com/octokit/webhooks.js/commit/8a2080cdc54f6a6b3886db3900a1b934856c644a
github.com/octokit/webhooks.js/pull/914
github.com/octokit/webhooks.js/pull/915
github.com/octokit/webhooks.js/pull/916
github.com/octokit/webhooks.js/pull/917
github.com/octokit/webhooks.js/releases/tag/v10.9.2
github.com/octokit/webhooks.js/releases/tag/v11.1.2
github.com/octokit/webhooks.js/releases/tag/v12.0.4
github.com/octokit/webhooks.js/releases/tag/v9.26.3
github.com/octokit/webhooks.js/security/advisories/GHSA-pwfr-8pq7-x9qv
github.com/probot/probot/releases/tag/v12.3.3