CVE-2022-25897

Allocation of Resources Without Limits or Throttling in maven/org.eclipse.milo/sdk-server

Identifiers

CVE-2022-25897

Package Slug

maven/org.eclipse.milo/sdk-server

Vulnerability

Allocation of Resources Without Limits or Throttling

Description

The package org.eclipse.milo:sdk-server before 0.6.8 is vulnerable to Denial of Service (DoS): the limits on excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter set to False.

Affected Versions

All versions before 0.6.8

Solution

Upgrade to version 0.6.8 or above.

Last Modified

2022-09-14
