CVE-2024-34079

Published: May 14, 2024Modified: Nov 21, 2024

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 2.2 / Impact: 1.4

Source: security-advisories@github.com (Secondary)

Description

octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://github.com/octo-sts/app/commit/74ba874c017cf973edd6711144cf4399a9fcff57

Source: security-advisories@github.com

https://github.com/octo-sts/app/security/advisories/GHSA-75r6-6jg8-pfcq

Source: security-advisories@github.com

https://github.com/octo-sts/app/commit/74ba874c017cf973edd6711144cf4399a9fcff57

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/octo-sts/app/security/advisories/GHSA-75r6-6jg8-pfcq

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.