The trudesk application allows large characters to be inserted in the input field "Name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in polonel/trudesk


Reported on

May 16th 2022

Proof of Concept

1 - Go to Profile or

2 - and fill name input field with huge characters

Payload :-



It can lead to a denial of service attack
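The report concerns a missing server-side length limit on the Name field. As an added example (not part of the original report and not the project's fix), here is a bounded validator for a Node.js backend; the limits and the function names `validateName` and `checkProfileUpdate` are assumptions:

```javascript
// Added example: bound the profile "Name" field on the server.
// MAX_NAME_CHARS / MAX_NAME_BYTES are assumed limits, not trudesk's values.
const MAX_NAME_CHARS = 64;
const MAX_NAME_BYTES = 256;

function validateName(input) {
  // Body parsers can deliver arrays or objects; accept strings only.
  if (typeof input !== 'string') return { ok: false, reason: 'not-a-string' };

  // O(1) rejection before any per-character work: every UTF-16 code unit
  // costs at least one UTF-8 byte, so such an input already exceeds the
  // byte cap as submitted.
  if (input.length > MAX_NAME_BYTES) return { ok: false, reason: 'too-long' };

  const name = input.normalize('NFC').trim();
  if (name.length === 0) return { ok: false, reason: 'empty' };

  // Count code points, not UTF-16 units, so emoji and other astral
  // characters are measured the way a user would count them.
  const chars = [...name].length;
  const bytes = Buffer.byteLength(name, 'utf8');
  if (chars > MAX_NAME_CHARS || bytes > MAX_NAME_BYTES) {
    return { ok: false, reason: 'too-long' };
  }
  return { ok: true, value: name };
}

// Hypothetical handler-side helper: map the result to an HTTP status so an
// oversized value is refused before it reaches the database or a template.
function checkProfileUpdate(body) {
  const result = validateName(body && body.name);
  if (!result.ok) return { status: 400, error: `name: ${result.reason}` };
  return { status: 200, name: result.value };
}

// Constructed sample inputs.
const samples = [
  { name: 'Vishal Vishwakarma' },
  { name: 'A'.repeat(1000000) },
  { name: ['A', 'B'] },
  { name: '   ' },
];
for (const s of samples) console.log(checkProfileUpdate(s));
```

A body-size limit at the HTTP parser is still needed, since this check runs only after the request has been parsed.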

polonel/trudesk maintainer has acknowledged this report a month ago
Chris Brame validated this vulnerability a month ago
Vishal Vishwakarma has been awarded the disclosure bounty
Chris Brame
a month ago


This has been fixed in v1.2.2. I will update this report once it has been released.

a month ago


@admin can you please assign this a CVE

Jamie Slome
a month ago


Sorted 👍

Chris Brame confirmed that a fix has been merged on e836d0 a month ago
Chris Brame has been awarded the fix bounty