Denial of Service via Attachment Upload in plankanban/planka
Aug 3rd 2022
An attacker can upload an attachment without any size limitation which leads to an exception and the crash of the application.
Proof of Concept
- 1 - Log in and select and project and card.
- 2 - Upload a file, in this case, a 5GB file. Used sample file.
- 3 - After some seconds the application crash's and restarts, as seen below.
Denial of service.