Summary
Canarytokens.org was vulnerable to a ReDoS in parsing HTTP requests due to an outdated package.
Details
See GHSA-2jv5-9r88-3w3p
Scope of impact
A successful attack would result in a DoS of https://canarytokens.org.
Patches
This issue is now patched on Canarytokens.org.
Users of self-hosted Canarytokens installations can update by pulling the latest Docker image (or any Docker image after sha-097d91a):

$ docker pull thinkst/canarytokens:latest
Acknowledgements
We thank Viktor Chuchurski and Francesco Lacerenza (Doyensec https://doyensec.com/).