CVE-2024-2689 in ServerИнформация

Сводка

по MITRE • 04.04.2024

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid UTF-8 will become stuck in the queue, causing an increase in queue lag. Eventually, all processes handling these queues will become stuck and the system will run out of resources. The workflow ID of the failing task will be visible in the logs, and can be used to remove that workflow as a mitigation. Version 1.23 is not impacted. In this context, a user is an operator of Temporal Server.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Ответственный

Temporal Technologies Inc.

Резервировать

19.03.2024

Раскрытие

04.04.2024

Модерация

принято

Вход

VDB-259298

EPSS

0.00487

KEV

Нет

Деятельности

Очень низкий

Источники

Might our Artificial Intelligence support you?

Check our Alexa App!