Vulnerability Details CVE-2020-36568
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605
- https://github.com/revel/revel/issues/1424
- https://github.com/revel/revel/pull/1427
- https://pkg.go.dev/vuln/GO-2020-0003
- https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605
- https://github.com/revel/revel/issues/1424
- https://github.com/revel/revel/pull/1427
- https://pkg.go.dev/vuln/GO-2020-0003
Products affected by CVE-2020-36568
-
cpe:2.3:a:revel:revel:-
-
cpe:2.3:a:revel:revel:0.10.0
-
cpe:2.3:a:revel:revel:0.11.0
-
cpe:2.3:a:revel:revel:0.11.1
-
cpe:2.3:a:revel:revel:0.11.2
-
cpe:2.3:a:revel:revel:0.11.3
-
cpe:2.3:a:revel:revel:0.12.0
-
cpe:2.3:a:revel:revel:0.13.0
-
cpe:2.3:a:revel:revel:0.13.1
-
cpe:2.3:a:revel:revel:0.14.0
-
cpe:2.3:a:revel:revel:0.15.0
-
cpe:2.3:a:revel:revel:0.16.0
-
cpe:2.3:a:revel:revel:0.17
-
cpe:2.3:a:revel:revel:0.17.1
-
cpe:2.3:a:revel:revel:0.18.0
-
cpe:2.3:a:revel:revel:0.19.0
-
cpe:2.3:a:revel:revel:0.19.1
-
cpe:2.3:a:revel:revel:0.20.0
-
cpe:2.3:a:revel:revel:0.21.0
-
cpe:2.3:a:revel:revel:0.6
-
cpe:2.3:a:revel:revel:0.7
-
cpe:2.3:a:revel:revel:0.8
-
cpe:2.3:a:revel:revel:0.9.0
-
cpe:2.3:a:revel:revel:0.9.1