When uploading a file on FAME, a user may intentionally use a large Unicode string which would lead to an application-level slowness/denial of service. This is due to no limitation being set on the length of the filename and the costly use of the Unicode normalization in Werkzeug function secure_filename().
FAME is using this function to sanitize user-provided-input (the name of submitted files). It is possible to slow down (but not crash) the application by submitting a file which has a crafted malicious Unicode name (for instance: filename = '℀' * 1_000_000 ).
The impact is of medium severity (4.3), according to CVSS3. We consider it to be low impact.
The commit 1340418 resolves the issue.
We would like to thanks https://github.com/Sim4n6 for the initial report.
Sim4n6 Finder
When uploading a file on FAME, a user may intentionally use a large Unicode string which would lead to an application-level slowness/denial of service. This is due to no limitation being set on the length of the filename and the costly use of the Unicode normalization in Werkzeug function
secure_filename().FAME is using this function to sanitize user-provided-input (the name of submitted files). It is possible to slow down (but not crash) the application by submitting a file which has a crafted malicious Unicode name (for instance:
filename = '℀' * 1_000_000).The impact is of medium severity (4.3), according to CVSS3. We consider it to be low impact.
The commit 1340418 resolves the issue.
We would like to thanks https://github.com/Sim4n6 for the initial report.