来自上游 Actix Web 问题的 DoS 漏洞

CVE编号

N/A

利用情况

暂无

补丁情况

N/A

披露时间

2021-12-16

漏洞描述

This vulnerability affects all users of the perseus deploy functionality who have not exported their sites to static files. If you are using the inbuilt Perseus server in production, there is a memory leak in Actix Web stemming from this upstream issue which can allow even a single user to cause the process to exhaust its memory on low-memory servers by continuously reloading the page. Note that this issue does not affect all Actix Web applications, but rather results from certain usage patterns which appear to be present in Perseus' server mechanics.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://github.com/advisories/GHSA-gjrj-9rj4-pgwx

CVSS3评分 N/A

• 攻击路径 N/A
• 攻击复杂度 N/A
• 权限要求 N/A
• 影响范围 N/A
• 用户交互 N/A
• 可用性 N/A
• 保密性 N/A
• 完整性 N/A

N/A

CWE-ID	漏洞类型

Exp相关链接

- avd.aliyun.com