validateWebhook adds the token to the list of seen ones before validating that the token is valid. This means an attacker could repeatedly send invalid requests to the server and trigger an OOM. Furthermore, the attacker could send a large enough token and trigger the OOM more quickly.
Also, in order to limit the memory consumption I'd either:
allow configuring mailgunExpirey to a lower value
First option may accept the same request twice, but is the safest to prevent excessive memory usage in case of high traffic. The size could be a config.
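The ordering this issue asks for, as an added example that is not the project's code: the size and signature checks run before anything is recorded, and the seen-token set is capped. It assumes Go, Mailgun's documented hex HMAC-SHA256 signature over timestamp+token, and hypothetical names and caps (`Validator`, `Sign`, `maxTokenLen`, `maxSeen`); the key and tokens are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sync"
)
const maxTokenLen, maxSeen = 64, 1024 // assumed caps, not values from the project

// Validator is a hypothetical hardened replay check for Mailgun-style webhooks.
type Validator struct {
	mu   sync.Mutex
	key  []byte
	seen map[string]struct{} // tokens of verified requests only
}

// Sign computes hex(HMAC-SHA256(key, timestamp+token)), Mailgun's documented scheme.
func Sign(key []byte, timestamp, token string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(timestamp + token))
	return hex.EncodeToString(m.Sum(nil))
}

// Validate rejects oversized or unsigned input before the replay cache is touched.
func (v *Validator) Validate(timestamp, token, sig string) bool {
	if token == "" || len(token) > maxTokenLen || len(timestamp) > 20 ||
		!hmac.Equal([]byte(Sign(v.key, timestamp, token)), []byte(sig)) {
		return false // forged or oversized requests never add cache entries
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	if _, replay := v.seen[token]; replay {
		return false
	}
	if len(v.seen) >= maxSeen { // full: evict one arbitrary entry, which could then replay once
		for t := range v.seen {
			delete(v.seen, t)
			break
		}
	}
	v.seen[token] = struct{}{}
	return true
}

func main() {
	v := &Validator{key: []byte("constructed-key"), seen: map[string]struct{}{}}
	fmt.Println(v.Validate("1700000000", "tok-1", Sign(v.key, "1700000000", "tok-1"))) // true
}
```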