Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3456148
Summary:
Unbounded number of links in the decompression chain for HTTP responses in Node.js Fetch API
Description:
Fetch API supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, br).
However, the number of links in the decompression chain is unbounded, and the default maxHeaderSize allows a malicious server to insert thousands of compression steps, leading to high CPU usage and excessive memory allocation.
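The mitigation this implies is to bound the chain before any decoder runs. The following is an added example, not code from the report or from Node.js: a client that decodes response bodies itself rejects an over-long Content-Encoding list up front and caps each intermediate buffer. `MAX_CODINGS`, `planDecoders` and `decodeBody` are hypothetical names, and both limits are assumed policy values.

```javascript
// Added example; names and limits are assumptions, not Node.js or undici API.
const MAX_CODINGS = 5; // assumed policy: maximum codings accepted in one response

// Supported content codings mapped to node:zlib synchronous decoders.
const DECODERS = {
  gzip: 'gunzipSync',
  'x-gzip': 'gunzipSync',
  deflate: 'inflateSync',
  br: 'brotliDecompressSync',
};

// Parse a Content-Encoding value and return decoder names in decode order.
// Throws before any decompression work if the chain is too long or unknown.
function planDecoders(headerValue, max = MAX_CODINGS) {
  const codings = String(headerValue ?? '')
    .split(',')
    .map((c) => c.trim().toLowerCase())
    .filter((c) => c !== '' && c !== 'identity');
  if (codings.length > max) {
    throw new RangeError(
      `Content-Encoding lists ${codings.length} codings, limit is ${max}`);
  }
  for (const c of codings) {
    if (!Object.hasOwn(DECODERS, c)) {
      throw new TypeError(`unsupported content coding: ${c}`);
    }
  }
  // Codings are listed in the order they were applied, so decode last-to-first.
  return codings.reverse().map((c) => DECODERS[c]);
}

// Decode a fully buffered body; maxOutputLength bounds every intermediate
// buffer so a single step cannot expand without limit either.
async function decodeBody(body, headerValue, maxBytes = 1 << 20) {
  const zlib = await import('node:zlib');
  let buf = body;
  for (const fn of planDecoders(headerValue)) {
    buf = zlib[fn](buf, { maxOutputLength: maxBytes });
  }
  return buf;
}
```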
HackerOne disclosed report --> https://hackerone.com/reports/3601655 by smlee
HackerOne disclosed report --> https://hackerone.com/reports/3168691 by joejoe5
HackerOne disclosed report --> https://hackerone.com/reports/3287208 by hellokbit