[CKAN-Security] CKAN v2.3 : DoS vulnerability with API

Adrià Mercader adria.mercader at okfn.org
Mon Jul 20 09:33:54 UTC 2015


Hi Judicaël,

You can send the details to the list, and we will discuss the best approach
at the weekly development meeting.

Thanks

Adrià

On 20 July 2015 at 09:53, <judicael.coryn at amicam.cnafmail.fr> wrote:

> Hello,
>
> We have discovered, during a black box pentest in our company, the
> possibility to crash the CKAN server. It's possible to make a DoS with one
> CKAN API function.
>
> How can we report this issue to you?
>
> Best regards,
>
>
> *   Judicaël CORYN*
>
>   tel: 02.43.61.33.04
>   judicael.coryn at amicam.cnafmail.fr
>   mobile: 06.24.19.10.05
>
>
>  To help protect the environment, please print this email only if
> necessary
>