CVE-2019-25072
HIGH WAF: Medium
CVSS 7.5
Published: 2022-12-27
CWE-400
Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| tendermint | tendermint | up to 0.31.1 |
References
- github.com (Patch, Third Party Advisory)
- github.com (Third Party Advisory)
- pkg.go.dev (Third Party Advisory)