Merge pull request from GHSA-mqjc-6jp2-39mq

limit NKFD normalization to 10k chars
Netflix · Jan 17, 2024 · caeecb7 · caeecb7
2 parents 16effca + 7b86bb4
commit caeecb7
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -12,6 +12,7 @@ Added Digicert source plugin. Enable it with DIGICERT_SOURCE_ENABLED
 Added AWS ACM source plugin. This plugin retreives all certificates for an account and a region.
 Added AWS ACM destination plugin. This plugin uploads a certificate to AWS ACM.
 Allow updating options field via authority update API.
+Fixed a DoS security issue affecting Windows env via the name parameter of the certificate post endpoint.
 
 
 1.6.0 - `2023-10-23`

diff --git a/lemur/common/defaults.py b/lemur/common/defaults.py
@@ -15,6 +15,8 @@ def text_to_slug(value, joiner="-"):
     Normalize a string to a "slug" value, stripping character accents and removing non-alphanum characters.
     A series of non-alphanumeric characters is replaced with the joiner character.
     """
+    if len(value) > 10_000:
+        raise ValueError("Input value is too long.")
 
     # Strip all character accents: decompose Unicode characters and then drop combining chars.
     value = "".join(