CVE-2024-31209
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in versions `3.1.2` and `3.2.0-beta.3`.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected products
erlef · oidcc
References
https://github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl#L385-L388
https://github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c
https://github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649
https://github.com/erlef/oidcc/commit/ac458ed88dc292aad6fa7343f6a53e73c560fb1a
https://github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p