Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability in idna library #44

Open
richstokes opened this issue Oct 4, 2024 · 1 comment
Open

Vulnerability in idna library #44

richstokes opened this issue Oct 4, 2024 · 1 comment

Comments

@richstokes
Copy link

AWS inspector is flagging this lambda with a high-severity CVE.

Title: CVE-2024-3651 - idna

Description:
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode() function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the idna.encode() function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.
@richstokes
Copy link
Author

The issue seems to be that this module does not default to the latest version of the Datadog code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@richstokes