Improper input-size validation on the user new session name
Moderate
nickvergessen
published
GHSA-7cwm-qph5-4h5wMay 30, 2022
Package
Server
(Nextcloud)
Affected versions
< 22.2.7, < 23.0.4
Patched versions
22.2.7, 23.0.4
Description
Impact
Missing input-size validation of new session names allows users to create app passwords with long names which are then loaded into memory on usage, resulting in impacted performance.
Patches
It is recommended that the Nextcloud Server is upgraded to 22.2.7 or 23.0.4
Impact
Missing input-size validation of new session names allows users to create app passwords with long names which are then loaded into memory on usage, resulting in impacted performance.
Patches
It is recommended that the Nextcloud Server is upgraded to 22.2.7 or 23.0.4
Workarounds
No workaround available
References
For more information
If you have any questions or comments about this advisory: