[SHINDIG-1834] DOS vulnerability with closure compiler in feature js endpoint - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.5.0-beta1, 2.5.0-beta2
Fix Version/s: 2.5.0-beta3
Component/s: Java, Javascript
Labels:
None

Description

Varying features and options on the request made to this endpoint will cause closure to run each time a cached version is not found. This can effectively DOS the server, as closure is pretty expensive and the permutations of feature combinations are practically endless.

Attachments

Activity

People

Assignee:: Dan Dumont

Reporter:: Dan Dumont

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Aug/12 18:01

Updated:: 01/Aug/12 18:12

Resolved:: 01/Aug/12 18:01