CVE-2020-36568

NameCVE-2020-36568
DescriptionUnsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
golang-github-revel-revel (PTS)buster0.12.0+dfsg-4vulnerable
bookworm, bullseye1.0.0-2fixed
sid, trixie1.0.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
golang-github-revel-revelsource(unstable)1.0.0-1

Notes

[buster] - golang-github-revel-revel <postponed> (Limited support, minor issue, DoS)
https://github.com/revel/revel/pull/1427
https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605 (v1.0.0)
https://github.com/revel/revel/issues/1424
https://pkg.go.dev/vuln/GO-2020-0003

Search for package or bug name: Reporting problems