CVE-2021-28667 Information

Description

StackStorm before 3.4.1 in some situations has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://stackstorm.com/2021/03/10/stackstorm-v3-4-1-security-fix/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH
