Home > Vulnerability Database > CVE-2023-37279

Mend.io Vulnerability Database

CVE-2023-37279

Good to know:

Date: September 20, 2023

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param "days". The vulnerability is related to how the backend reads the "days" URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue.

Language: Go

Severity Score

7.5

Related Resources (4)

Url: https://github.com/contribsys/faktory/security/advisories/GHSA-x4hh-vjm7-g2jv

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-37279

Url: https://github.com/contribsys/faktory

Url: https://www.mend.io/vulnerability-database/CVE-2023-37279

Severity Score

7.5

Weakness Type (CWE)

Memory Allocation with Excessive Size Value

CWE-789

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version github.com/contribsys/faktory - v1.8.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-37279

Good to know:

Date: September 20, 2023

Language: Go

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?