Veracode Vulnerability DatabaseVERACODE:44721Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.6%
@octokit/webhooks is vulnerable to Denial Of Service (DoS). The vulnerability is caused by a lack of exception handling in the verifyAndReceive method within src/verify-and-receive.ts. This method internally calls another method verify which throws an exception which remains unhandled. This uncaught exception ends the running nodejs process resulting in Denial Of Service (DoS).
References
github.com/advisories/GHSA-pwfr-8pq7-x9qv
github.com/octokit/app.js/releases/tag/v14.0.2
github.com/octokit/octokit.js/releases/tag/v3.1.2
github.com/octokit/webhooks.js/commit/0504ad8eeb39338aca33b6a31fe6be77f748c8e1
github.com/octokit/webhooks.js/commit/26184386d4a1022ea923c28b8869cf397da07b85
github.com/octokit/webhooks.js/commit/449b15967762bc18f722e649102ffc91e26f364e
github.com/octokit/webhooks.js/commit/8a2080cdc54f6a6b3886db3900a1b934856c644a
github.com/octokit/webhooks.js/pull/914
github.com/octokit/webhooks.js/pull/915
github.com/octokit/webhooks.js/pull/916
github.com/octokit/webhooks.js/pull/917
github.com/octokit/webhooks.js/releases/tag/v10.9.2
github.com/octokit/webhooks.js/releases/tag/v11.1.2
github.com/octokit/webhooks.js/releases/tag/v12.0.4
github.com/octokit/webhooks.js/releases/tag/v9.26.3
github.com/octokit/webhooks.js/security/advisories/GHSA-pwfr-8pq7-x9qv
github.com/probot/probot/releases/tag/v12.3.3
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.6%