CVE-2020-36568: revel is vulnerable to resource exhaustion

December 28, 2022 (updated December 30, 2022)

Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.

References

github.com/advisories/GHSA-hggr-p7v6-73p5
github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605
github.com/revel/revel/issues/1424
github.com/revel/revel/pull/1427
nvd.nist.gov/vuln/detail/CVE-2020-36568
pkg.go.dev/vuln/GO-2020-0003

Code Behaviors & Features

Detect and mitigate CVE-2020-36568 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →