CVSS3: 4.4 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score: 6.6 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)
Temporal Server is vulnerable to Denial of Service (DoS). An authenticated user with permissions to interact with workflows can submit an invalid UTF-8 string that crashes the application. This can lead to stuck tasks in the queue, increased queue lag, resource exhaustion, and system instability.
github.com/advisories/GHSA-wmxc-v39r-p9wf
github.com/temporalio/temporal/commit/2099dfd945accbf794404c3b8d990d109de19f06
github.com/temporalio/temporal/commit/679e3dc2ca8bd39e02c760f686cc8807f817bbfd
github.com/temporalio/temporal/commit/f1fab97129f964dcca17d1f7c344f38666d1ee5f
github.com/temporalio/temporal/releases