CVE-2024-31209
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in versions `3.1.2` and `3.2.0-beta.3`.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
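An illustrative example added here, not code from the oidcc project: the pattern the advisory describes, a per-provider ETS table located through an atom built from a caller-supplied name, beside a hardened lookup that only resolves names already registered as atoms. The module, function and table names are assumptions, as is the exact shape of the original lookup.

```erlang
%% Added example, not oidcc's own code. Assumes the pattern named in the
%% advisory: a caller-supplied provider name is turned into an atom to locate
%% a per-provider ETS table. Atoms are never garbage collected, so each new
%% name consumes a slot in the VM's atom table.
-module(provider_table_lookup).
-export([register_provider/1, lookup_unsafe/1, lookup_safe/1]).

%% Hypothetical registration step: a configured provider creates its table
%% under an atom derived from its name. This is the only place where a new
%% atom should be introduced, and it runs on trusted configuration.
register_provider(Name) when is_atom(Name) ->
    Table = ets:new(Name, [named_table, public]),
    ets:insert(Table, {config, #{issuer => <<"https://example.invalid">>}}),
    ok.

%% Weak form: binary_to_atom/2 on untrusted input. Every previously unseen
%% Name allocates a permanent atom; repeated calls with fresh names will
%% eventually exhaust the atom table and crash the VM (the DoS in the advisory).
lookup_unsafe(Name) when is_binary(Name) ->
    Table = binary_to_atom(Name, utf8),
    case ets:info(Table) of
        undefined -> {error, provider_not_found};
        _ -> {ok, ets:lookup(Table, config)}
    end.

%% Hardened form: only resolve names that already exist as atoms, i.e. names
%% that went through registration. Unknown input raises badarg instead of
%% allocating, so an attacker cannot grow the atom table through this path.
lookup_safe(Name) when is_binary(Name) ->
    try binary_to_existing_atom(Name, utf8) of
        Table ->
            case ets:info(Table) of
                undefined -> {error, provider_not_found};
                _ -> {ok, ets:lookup(Table, config)}
            end
    catch
        error:badarg -> {error, provider_not_found}
    end.
```

A cheap runtime check for this class of bug is to compare `erlang:system_info(atom_count)` before and after a burst of lookups with unknown names: the count must not grow.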
Affected products
erlef · oidcc

References
https://github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl#L385-L388
https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c
https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649
https://github.com/erlef/oidcc/commit/ac458ed88dc292aad6fa7343f6a53e73c560fb1a
https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p