GMS-2023-601: Yapscan Denial of Service vulnerability in report server

March 3, 2023

Impact

If you use the report server, it may be vulnerable to a Denial of Service attack.

Patches

Has been patched in v0.19.2.

References

The vulnerability was inherited by the following upstream vulnerabilites

golang.org/x/text < v0.3.7
golang.org/x/net < 0.0.0-20220906165146-f3363e06e74c

References

github.com/advisories/GHSA-69cg-p879-7622
github.com/advisories/GHSA-ppp9-7jff-5vj2
github.com/advisories/GHSA-wxwq-525w-hcqx
github.com/fkie-cad/yapscan/commit/242b4b25b107deacddd4ca276b45d23e16bb3b88
github.com/fkie-cad/yapscan/commit/65f277662c6475eb3f592e0e4fdfee902ecd9326
github.com/fkie-cad/yapscan/pull/46
github.com/fkie-cad/yapscan/releases/tag/v0.19.2
github.com/fkie-cad/yapscan/security/advisories/GHSA-wxwq-525w-hcqx

Detect and mitigate GMS-2023-601 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →