Veracode Vulnerability DatabaseVERACODE:46212Denial Of Service (DoS)
4.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Temporal Server is vulnerable to Denial of Service (DoS). The vulnerability is caused by an authenticated user with permissions to interact with workflows submitting an invalid UTF-8 string which causes an application crash. This can lead to stuck tasks in the queue, increased queue lag, resource exhaustion, and system instability.
References
github.com/advisories/GHSA-wmxc-v39r-p9wf
github.com/temporalio/temporal/commit/2099dfd945accbf794404c3b8d990d109de19f06
github.com/temporalio/temporal/commit/679e3dc2ca8bd39e02c760f686cc8807f817bbfd
github.com/temporalio/temporal/commit/f1fab97129f964dcca17d1f7c344f38666d1ee5f
github.com/temporalio/temporal/releases
Related
4.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%