Slowvote and Countdown can cause Denial of Service due to recursive inclusion

Disclosed: 2022-05-09 18:37:16 By dyls To phabricator

Unknown

Vulnerability Details

Similar to #85011, if you edit a Slowvote or Countdown object and include its own object ID in the description, then it will recursively include and prevent the page from loading. mongoose ## Impact Denial of Service. You can include the Slowvote or Countdown object on any other object to also prevent it from loading. If it is included in the feed, you could also prevent the home page from loading.

Actions

View on HackerOne

Report Stats

Report ID: 1563142
State: Closed
Substate: resolved
Upvotes: 4

Slowvote and Countdown can cause Denial of Service due to recursive inclusion

Vulnerability Details

Actions

Report Stats

Share this report