Severity: LOW

GHSA-pv6r-vchh-cxg9

Denial of Service in apostrophe

Details

Versions of `apostrophe` prior to 2.97.1 are vulnerable to Denial of Service. The `apostrophe-jobs` module sets a callback for incoming jobs and doesn't clear it regardless of its status. This causes the server to accumulate callbacks, allowing an attacker to start a large number of jobs and exhaust system memory.
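The following is an added illustration of the callback-accumulation pattern the advisory describes; it is not apostrophe's code and does not use the `apostrophe-jobs` API. The `JobTracker`, `runJob`, `pendingCount` and `simulate` names are hypothetical. The same tracker is run in a leaky mode (the stored callback is never released) and a fixed mode (it is released in `finally`, so completed and failed jobs are treated alike), and the number of retained callbacks is reported for each:

```javascript
// Added example (not apostrophe's own code): a minimal job tracker that
// registers a per-job completion callback. With clearOnFinish = false it
// reproduces the leak described in the advisory; with true it releases the
// callback whatever the job's outcome. All names here are hypothetical.

class JobTracker {
  constructor({ clearOnFinish }) {
    this.clearOnFinish = clearOnFinish;
    this.callbacks = new Map(); // jobId -> completion callback
    this.nextId = 0;
  }

  // Register a job, run its work synchronously, and report the result
  // through the stored callback.
  runJob(work, callback) {
    const id = this.nextId++;
    this.callbacks.set(id, callback);
    try {
      const result = work();
      this.callbacks.get(id)({ status: 'completed', result });
    } catch (err) {
      this.callbacks.get(id)({ status: 'failed', error: err.message });
    } finally {
      // The fix: drop the callback on completion *and* on failure, so a
      // finished job no longer pins its closure (and whatever it captured).
      if (this.clearOnFinish) this.callbacks.delete(id);
    }
    return id;
  }

  // Number of callbacks still held; in the leaky variant this only grows.
  pendingCount() {
    return this.callbacks.size;
  }
}

// Run the same constructed workload (every third job fails) through a
// tracker and report how many callbacks it still retains afterwards.
function simulate(jobCount, clearOnFinish) {
  const tracker = new JobTracker({ clearOnFinish });
  const outcomes = { completed: 0, failed: 0 };
  for (let i = 0; i < jobCount; i++) {
    const work = i % 3 === 0
      ? () => { throw new Error('constructed failure'); }
      : () => i * 2;
    tracker.runJob(work, (r) => { outcomes[r.status] += 1; });
  }
  return { retained: tracker.pendingCount(), ...outcomes };
}

console.log('leaky:', simulate(1000, false)); // retained grows with job count
console.log('fixed:', simulate(1000, true));  // retained stays at 0
```

In the leaky variant the `callbacks` map is the long-lived structure that turns an unbounded stream of job submissions into unbounded memory growth; a heap snapshot on the affected version would show it (or its equivalent) retaining one entry per job ever started. The `finally` clause is the whole fix: release the per-job reference on every exit path, not only the successful one.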

## Recommendation

Upgrade to version 2.97.1 or later.

Affected packages

npm / apostrophe
Introduced in: 0
Fixed in: 2.97.1
Fix: `npm install apostrophe@2.97.1`
