Group membership requests lack character limit
Package
No package listed
Affected versions
stable <= 3.0.0; beta <= 3.0.0.beta16; tests-passed <= 3.0.0.beta16
Patched versions
stable > 3.0.0; beta > 3.0.0.beta16; tests-passed > 3.0.0.beta16
Impact
Currently, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However, it is unlikely that this could be used as part of a DoS attack, because the paths that read the reasons back are only available to administrators.
Patches
In the patched versions, a limit of 280 characters has been introduced for membership requests.
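
The difference between the unpatched and patched behaviour, as an added Ruby illustration that is not Discourse's own code. The store class, method names and error class are hypothetical; only the 280-character limit comes from the advisory.

```ruby
# Added illustration; not Discourse source code. All names are hypothetical.
MAX_REASON_CHARS = 280 # limit stated in the advisory

class ReasonTooLong < StandardError; end

# Validates a membership request reason before it is persisted.
def validate_reason(raw)
  reason = raw.to_s.scrub.strip
  # String#length counts characters, not bytes, so multibyte text is
  # measured the way a user-facing character counter would measure it.
  if reason.length > MAX_REASON_CHARS
    raise ReasonTooLong,
          "reason is #{reason.length} characters (maximum #{MAX_REASON_CHARS})"
  end
  reason
end

# In-memory stand-in for the table that holds membership requests.
class MembershipRequestStore
  attr_reader :rows

  def initialize
    @rows = []
  end

  # Unpatched behaviour: whatever the client sends is stored as-is.
  def create_unchecked(user, reason)
    @rows << { user: user, reason: reason.to_s }
  end

  # Patched behaviour: oversized input is rejected and nothing is written.
  # Rejecting (rather than truncating) keeps the stored text identical to
  # what the user submitted.
  def create(user, reason)
    @rows << { user: user, reason: validate_reason(reason) }
    true
  rescue ReasonTooLong
    false
  end

  # Total bytes held in the reason column, to show storage growth.
  def stored_bytes
    @rows.sum { |r| r[:reason].bytesize }
  end
end
```

A 280-character limit bounds storage at up to 1120 bytes per request for UTF-8 text, since the check counts characters rather than bytes.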