CVE-2023-50248
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-50248 is a vulnerability affecting CKAN, an open-source data management system used for powering data hubs and data portals. Versions starting from 2.0.0 and prior to 2.9.10 and 2.10.3 contain a flaw in which a malicious actor with permissions to create or edit datasets can cause an out-of-memory error on the hosting server. This is triggered by making a POST request to the `/dataset/new` endpoint containing a specially-crafted field. The issue has been addressed in CKAN versions 2.10.3 and 2.9.10, so users should update their systems promptly to mitigate the risk.
Affected Products
- Okfn Ckan
Affected Vendors
- OKFN
Advisories, Assessments, and Mitigations