← volver
CVE-2025-32947

PeerTube ActivityPub Crawl Infinite Loop DoS

CVSS 7.5 HIGHEPSS 0.6%CWE-835
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
Chocobozzz/PeerTube

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/Chocobozzz/PeerTube/commit/76226d85685220db1495025300eca784d0336f7dhttps://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1https://research.jfrog.com/vulnerabilities/peertube-activitypub-crawl-dos/