CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-37279

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.4%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2023-37279

Contribsys » Faktory » Version: N/A

cpe:2.3:a:contribsys:faktory:-
Contribsys » Faktory » Version: 0.6.0-1

cpe:2.3:a:contribsys:faktory:0.6.0-1
Contribsys » Faktory » Version: 0.6.1-1

cpe:2.3:a:contribsys:faktory:0.6.1-1
Contribsys » Faktory » Version: 0.7.0-1

cpe:2.3:a:contribsys:faktory:0.7.0-1
Contribsys » Faktory » Version: 0.8.0-1

cpe:2.3:a:contribsys:faktory:0.8.0-1
Contribsys » Faktory » Version: 0.9.0-1

cpe:2.3:a:contribsys:faktory:0.9.0-1
Contribsys » Faktory » Version: 0.9.1-1

cpe:2.3:a:contribsys:faktory:0.9.1-1
Contribsys » Faktory » Version: 0.9.2-1

cpe:2.3:a:contribsys:faktory:0.9.2-1
Contribsys » Faktory » Version: 0.9.3-1

cpe:2.3:a:contribsys:faktory:0.9.3-1
Contribsys » Faktory » Version: 0.9.4-1

cpe:2.3:a:contribsys:faktory:0.9.4-1
Contribsys » Faktory » Version: 0.9.5-1

cpe:2.3:a:contribsys:faktory:0.9.5-1
Contribsys » Faktory » Version: 0.9.6-1

cpe:2.3:a:contribsys:faktory:0.9.6-1
Contribsys » Faktory » Version: 0.9.7-1

cpe:2.3:a:contribsys:faktory:0.9.7-1
Contribsys » Faktory » Version: 1.0.0-1

cpe:2.3:a:contribsys:faktory:1.0.0-1
Contribsys » Faktory » Version: 1.0.1-1

cpe:2.3:a:contribsys:faktory:1.0.1-1
Contribsys » Faktory » Version: 1.1.0-1

cpe:2.3:a:contribsys:faktory:1.1.0-1
Contribsys » Faktory » Version: 1.1.0-2

cpe:2.3:a:contribsys:faktory:1.1.0-2
Contribsys » Faktory » Version: 1.2.0-1

cpe:2.3:a:contribsys:faktory:1.2.0-1
Contribsys » Faktory » Version: 1.3.0-1

cpe:2.3:a:contribsys:faktory:1.3.0-1
Contribsys » Faktory » Version: 1.4.0-1

cpe:2.3:a:contribsys:faktory:1.4.0-1
Contribsys » Faktory » Version: 1.4.1-1

cpe:2.3:a:contribsys:faktory:1.4.1-1
Contribsys » Faktory » Version: 1.4.2-1

cpe:2.3:a:contribsys:faktory:1.4.2-1
Contribsys » Faktory » Version: 1.5.0

cpe:2.3:a:contribsys:faktory:1.5.0
Contribsys » Faktory » Version: 1.5.0-1

cpe:2.3:a:contribsys:faktory:1.5.0-1
Contribsys » Faktory » Version: 1.5.1

cpe:2.3:a:contribsys:faktory:1.5.1
Contribsys » Faktory » Version: 1.5.1-1

cpe:2.3:a:contribsys:faktory:1.5.1-1
Contribsys » Faktory » Version: 1.5.2

cpe:2.3:a:contribsys:faktory:1.5.2
Contribsys » Faktory » Version: 1.5.2-1

cpe:2.3:a:contribsys:faktory:1.5.2-1
Contribsys » Faktory » Version: 1.5.3

cpe:2.3:a:contribsys:faktory:1.5.3
Contribsys » Faktory » Version: 1.5.4

cpe:2.3:a:contribsys:faktory:1.5.4
Contribsys » Faktory » Version: 1.5.5

cpe:2.3:a:contribsys:faktory:1.5.5
Contribsys » Faktory » Version: 1.6.0

cpe:2.3:a:contribsys:faktory:1.6.0
Contribsys » Faktory » Version: 1.6.1

cpe:2.3:a:contribsys:faktory:1.6.1
Contribsys » Faktory » Version: 1.6.2

cpe:2.3:a:contribsys:faktory:1.6.2
Contribsys » Faktory » Version: 1.7.0

cpe:2.3:a:contribsys:faktory:1.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-37279

Products

Pricing

Contact Us