Impact
Affected version of InvenTree do not provide an upper length on the "notes" field on various models, allowing users to upload arbitrarily large character data to these fields.
Patches
- This issue has been addressed in the upcoming 0.8.0 stable release.
- Refer to #3231
Workarounds
None
References
https://huntr.dev/bounties/57b0f272-a97f-4cb3-b546-c863c68a561a/
For more information
If you have any questions or comments about this advisory:
dievus Analyst
Impact
Affected version of InvenTree do not provide an upper length on the "notes" field on various models, allowing users to upload arbitrarily large character data to these fields.
Patches
Workarounds
None
References
https://huntr.dev/bounties/57b0f272-a97f-4cb3-b546-c863c68a561a/
For more information
If you have any questions or comments about this advisory: