CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
github.com/stacklok/minder is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of input validation within the Clone() method when handling Git URLs provided by Minder users. Because no repository size limit is enforced, a Minder user can point Clone() at a very large repository; the clone exhausts the server's memory and crashes the service.
github.com/advisories/GHSA-hpcg-xjq5-g666
github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L55-L89
github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L56-L62
github.com/stacklok/minder/commit/35bab8f9a6025eea9e6e3cef6bd80707ac03d2a9
github.com/stacklok/minder/commit/7979b43
github.com/stacklok/minder/security/advisories/GHSA-hpcg-xjq5-g666