Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot Alert: Werkzeug possible resource exhaustion when parsing file data in forms #370

Open
JennaySDavis opened this issue Oct 28, 2024 · 2 comments
Open

Dependabot Alert: Werkzeug possible resource exhaustion when parsing file data in forms #370

JennaySDavis opened this issue Oct 28, 2024 · 2 comments
Assignees
@johnbeallgsa
Labels
Dependabot Alert Sprint 43

Comments

@JennaySDavis
Copy link
Contributor

Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request—max_form_memory_size setting.
@john-labbate john-labbate self-assigned this Oct 31, 2024
@JennaySDavis
Copy link
Contributor Author

370 Acceptance Criteria

Pass/Fail Description
Pass Regression Testing of 889 Tool

Comments/Additional Notes
N/A

ADA Compliance (Automated scan via Chrome Lighthouse)

Criteria Score
Performance 96*
Accessibility 100
Best Practices 100
*Performance score is related to a third-party Google Analytics cookie and cloud.gov = false positive

Passed 11/01/2024 - JSD

@felder101 felder101 mentioned this issue Nov 13, 2024
Merged
@johnbeallgsa
Copy link

Thanks for explaining during Demo. Moving to Done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johnbeallgsa johnbeallgsa

Labels
Dependabot Alert Sprint 43
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@john-labbate @johnbeallgsa @JennaySDavis