Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1000098 | 1 Golang | 1 Go | 2022-08-16 | 5.0 MEDIUM | 7.5 HIGH |
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors. | |||||
CVE-2017-8452 | 1 Elastic | 1 Kibana | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. |