CVE-2022-27897 Information

Description

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file which would allow them to exhaust memory resources on the dispatch server.

Reference

https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-12.md