Improper handling of Length parameter in erudika/scoold
Apr 24th 2022
There was no restriction on the amount of text that could be inserted into a user's name field. When the text size was large enough, the service suffered a momentary outage in our non-production environment (not a high-availability deployment). An internal reproduction showed isolated disruption but no outage in our production environment.
Proof of Concept
- Log in to an account.
- Visit the profile section.
- Edit the profile and add an unbounded amount of random input into the Name field, e.g. [//%3C%3E//http://www.evil.com/projectX.htm] * 10000.
- Save; the disruption can be seen in the PoC video.
When the text size is large enough, the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.
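The fix for this class of issue is a server-side bound on the field before it is stored or rendered. The following is an added example written for this page, not Scoold's own code; the class name, the two limits (1024 raw bytes, 100 code points) and the constructed oversized input are assumptions chosen for illustration. It rejects an input shaped like the report's payload before any further processing is done on it.

```java
import java.nio.charset.StandardCharsets;

/**
 * Added example (not Scoold's code): server-side bounding of a profile
 * "name" field. MAX_RAW_BYTES and MAX_NAME_CODEPOINTS are assumed limits
 * picked for illustration, not values taken from the project.
 */
public final class ProfileNameValidator {

    /** Maximum accepted size of the raw submitted field, in UTF-8 bytes (assumed). */
    public static final int MAX_RAW_BYTES = 1024;

    /** Maximum accepted display-name length in Unicode code points (assumed). */
    public static final int MAX_NAME_CODEPOINTS = 100;

    private ProfileNameValidator() {}

    /**
     * Returns the trimmed name if it is acceptable, otherwise throws
     * IllegalArgumentException. The cheap size bound runs first so an
     * oversized submission is refused before trimming, counting or any
     * other work is spent on it.
     */
    public static String validate(String rawName) {
        if (rawName == null) {
            throw new IllegalArgumentException("name is required");
        }
        // Reject oversized payloads up front, before anything else touches them.
        if (rawName.getBytes(StandardCharsets.UTF_8).length > MAX_RAW_BYTES) {
            throw new IllegalArgumentException("name exceeds " + MAX_RAW_BYTES + " bytes");
        }
        String name = rawName.trim();
        if (name.isEmpty()) {
            throw new IllegalArgumentException("name must not be blank");
        }
        // Count code points, not UTF-16 units, so multi-byte names are judged
        // fairly and surrogate pairs are never split by the limit.
        if (name.codePointCount(0, name.length()) > MAX_NAME_CODEPOINTS) {
            throw new IllegalArgumentException("name exceeds " + MAX_NAME_CODEPOINTS + " characters");
        }
        // Control characters have no place in a display name and can break
        // log lines or downstream rendering.
        for (int i = 0; i < name.length(); ) {
            int cp = name.codePointAt(i);
            if (Character.isISOControl(cp)) {
                throw new IllegalArgumentException("name contains control characters");
            }
            i += Character.charCount(cp);
        }
        return name;
    }

    /** Small demonstration; requires Java 11+ for String.repeat. */
    public static void main(String[] args) {
        // Constructed input modelled on the report: a short fragment repeated 10000 times.
        String fragment = "[//<>//http://www.evil.com/projectX.htm]";
        String oversized = fragment.repeat(10000);

        try {
            validate(oversized);
            System.out.println("UNEXPECTED: oversized name accepted");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected oversized name: " + e.getMessage());
        }

        System.out.println("accepted: " + validate("  Jane Doe  "));
    }
}
```

In a web application this validator belongs in the request handler (or as a bean-validation constraint on the profile DTO), and it should be paired with a request-body size limit at the HTTP layer so that an oversized form post is cut off before it is fully buffered in memory; the field-level check alone only protects what happens after the body has already been read.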