Vulnerability Details
- Title: Improper handling of Length parameter in erudika/scoold
- Report Date: Apr 25th 2022
- CVE: CVE-2022-1543
- Vulnerability Type: CWE-130: Improper Handling of Length Parameter Inconsistency
- Severity: Critical (9.3)

Description
There was no restriction on the amount of text that could be inserted into a user's name field. When the text size was large enough, the service suffered a momentary outage in our non-production environment (not high availability). An internal reproduction showed isolated disruption but no outage in our production environment.

Proof of Concept
- Log in to an account.
- Visit the profile section.
- Edit the profile and add unlimited random input into the Name field, such as [/%3C%3E//http://www.evil.com/projectX.htm] repeated 10000 times.
- Save; the disruption can be seen in the PoC video.

Impact
When the text size is large enough, the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.

Occurrences
- ProfileController.java L243

References
- huntr.dev
- HackerOne
- Blog
- Mitre

Vulnerability Assessment
- Severity: Critical (9.3)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: None
- Integrity: Low
- Availability: High
- Visibility: Public
- Status: Fixed
- Disclosure Bounty: $10
- Fix Bounty: $2.5

People
- Found by: Tarun Garg, Alex Bogdanovski
- Fixed by: Alex Bogdanovski

Comments
- Various members discussed the validation of the vulnerability, with a successful award of the disclosure bounty and the assignment of a fix bounty.
- The researcher's credibility has increased as a result.
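An added example, not Scoold's own code, of the missing bound on the profile name field described in the Description and Occurrences sections: a hypothetical ProfileNameValidator showing the unchecked "before" beside a fail-closed "after". The class and method names, the size limits, and the reading of the PoC as the fragment repeated 10000 times are assumptions; the report does not state what the actual fix chose.

```java
// Added example (not Scoold's code): hypothetical validation for a profile "name" field.
import java.nio.charset.StandardCharsets;
import java.text.Normalizer;

public final class ProfileNameValidator {
    // Hypothetical limits; the report does not state the bound chosen in the fix.
    static final int MAX_NAME_CODEPOINTS = 256;
    static final int MAX_NAME_BYTES_UTF8 = 1024;
    /** Before: the value is stored as submitted, so a huge payload reaches the datastore. */
    static String updateNameUnchecked(String submitted) {
        return submitted; // no bound, no trimming, no character filtering
    }

    /** After: fail closed on null, blank, control characters and oversize input. */
    static String updateNameChecked(String submitted) {
        if (submitted == null) {
            throw new IllegalArgumentException("name is required");
        }
        // Bound the raw size first so normalization never runs over unbounded input.
        if (submitted.getBytes(StandardCharsets.UTF_8).length > MAX_NAME_BYTES_UTF8) {
            throw new IllegalArgumentException("name too long");
        }
        String name = Normalizer.normalize(submitted, Normalizer.Form.NFC).trim();
        if (name.isEmpty()) {
            throw new IllegalArgumentException("name is required");
        }
        // Count code points, not UTF-16 units, so surrogate pairs are not miscounted.
        if (name.codePointCount(0, name.length()) > MAX_NAME_CODEPOINTS) {
            throw new IllegalArgumentException("name too long");
        }
        for (int i = 0; i < name.length(); i += Character.charCount(name.codePointAt(i))) {
            if (Character.isISOControl(name.codePointAt(i))) {
                throw new IllegalArgumentException("name contains control characters");
            }
        }
        return name;
    }
    public static void main(String[] args) {
        // Constructed input echoing the PoC: the report's fragment repeated 10000 times (Java 11+).
        String payload = "[/%3C%3E//http://www.evil.com/projectX.htm]".repeat(10000);
        System.out.println("unchecked: stored " + updateNameUnchecked(payload).length() + " chars");
        try {
            updateNameChecked(payload);
        } catch (IllegalArgumentException e) {
            System.out.println("checked: rejected (" + e.getMessage() + ")");
        }
        System.out.println("checked: accepted '" + updateNameChecked("  Alice  ") + "'");
    }
}
```

Rejecting oversize input at the controller boundary keeps the payload out of the datastore and the rendering path, which is where the report's disruption was observed.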