Vulnerability Report: GO-2023-1515
- CVE-2022-43756, GHSA-8fcj-gf77-47mg
- Affects: github.com/rancher/wrangler
- Published: Feb 14, 2023
- Modified: Jun 12, 2023
A denial of service (DoS) vulnerability exists in the Wrangler Git package. Specially crafted Git credentials can result in a denial of service (DoS) attack on an application that uses Wrangler due to the exhaustion of the available memory and CPU resources. This is caused by a lack of input validation of Git credentials before they are used, which may lead to a denial of service in some cases. This issue can be triggered when accessing both private and public Git repositories. A workaround is to sanitize input passed to the Git package to remove potential unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched Wrangler version.
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-8fcj-gf77-47mg.
Affected Packages
-
PathVersionsSymbols
-
before v0.7.4-security1, from v0.8.0 before v0.8.5-security1, from v0.8.6 before v0.8.11, from v1.0.0 before v1.0.1
5 affected symbols
Aliases
References
- https://github.com/rancher/wrangler/commit/341018c8fef3e12867c7cb2649bd2cecac75f287
- https://github.com/advisories/GHSA-8fcj-gf77-47mg
- https://github.com/rancher/rancher/security/policy
- https://vuln.go.dev/ID/GO-2023-1515.json