You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Making a POST request on /auth/token/lookup with specific payload causes internal server error
To Reproduce
Hi, I was fuzzing vault and found this bug. To reproduce it, just run vault server -dev and make a request. The request is described in enclosed zip (single JSON file inside). The JSON has also the curl formated of the request, however, the request contains some wild unicode characters that your terminal may not like (at least mine does not 😄). Therefore is better to use the resender utility that I made (along with the fuzzer). You may find it in my repo (github.com/matusf/openapi-fuzzer), with all installation instructions. Basically just run openapi-fuzzer-resender file.json to make the request.
matusf
changed the title
POST request on /auth/token/lookup with specific payload causes internal server error
POST on /auth/token/lookup with specific payload causes internal server error
Apr 8, 2021
Describe the bug
Making a POST request on
/auth/token/lookup
with specific payload causes internal server errorTo Reproduce
Hi, I was fuzzing vault and found this bug. To reproduce it, just run
vault server -dev
and make a request. The request is described in enclosed zip (single JSON file inside). The JSON has also thecurl
formated of the request, however, the request contains some wild unicode characters that your terminal may not like (at least mine does not 😄). Therefore is better to use theresender
utility that I made (along with the fuzzer). You may find it in my repo (github.com/matusf/openapi-fuzzer), with all installation instructions. Basically just runopenapi-fuzzer-resender file.json
to make the request.auth-token-lookup.zip
See error from request:
"{\"errors\":[\"no namespace\"]}\n"
In logs:
Expected behavior
Response with non 500 status code.
Environment:
vault status
):vault version
):Vault v1.7.0-rc1 (9af08a1c5f0f855984a1fa56d236675d167f578e)
The text was updated successfully, but these errors were encountered: