GHSA-gjrj-9rj4-pgwx: DoS Vulnerability from Upstream Actix Web Issues

December 15, 2021 (updated December 17, 2021)

This vulnerability affects all users of the perseus deploy functionality who have not exported their sites to static files. If you are using the inbuilt Perseus server in production, there is a memory leak in Actix Web stemming from this upstream issue which can allow even a single user to cause the process to exhaust its memory on low-memory servers by continuously reloading the page. Note that this issue does not affect all Actix Web applications, but rather results from certain usage patterns which appear to be present in Perseus’ server mechanics.

References

github.com/actix/actix-web/issues/1780
github.com/advisories/GHSA-gjrj-9rj4-pgwx
github.com/arctic-hen7/perseus
github.com/arctic-hen7/perseus/security/advisories/GHSA-gjrj-9rj4-pgwx

Detect and mitigate GHSA-gjrj-9rj4-pgwx with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →