Learn about CVE-2023-50248, a denial-of-service vulnerability in the CKAN data management system that lets an authenticated user trigger an out-of-memory error on the server. It affects versions 2.0.0 to 2.9.10 and 2.10.0 to 2.10.2 and is fixed in 2.9.11 and 2.10.3.
CKAN out of memory error when submitting the dataset form with a specially-crafted field.
Understanding CVE-2023-50248
CKAN, an open-source data management system, is vulnerable to an out-of-memory error when a POST request containing a specially-crafted field is submitted to the /dataset/new endpoint (the same endpoint the normal dataset creation form posts to). This vulnerability affects versions 2.0.0 to 2.9.10 and 2.10.0 to 2.10.2; it is fixed in CKAN 2.9.11 and 2.10.3.
What is CVE-2023-50248?
CVE-2023-50248 is a vulnerability in CKAN that allows an authenticated attacker with permission to create or edit datasets to trigger an out-of-memory error on the hosting server by including a malicious field in a POST request to the /dataset/new endpoint.
The Impact of CVE-2023-50248
This is a denial-of-service issue. Exploitation requires an account with permission to create or edit datasets, so the attacker must be logged in and able to reach the POST handler; on portals where self-registered users or many organization members can create datasets that bar is low. A malicious request can then exhaust the memory of the CKAN web process, crashing it or causing it to be killed, and taking the portal offline until the process is restarted.
Technical Details of CVE-2023-50248
CKAN versions 2.0.0 to 2.9.10 and 2.10.0 to 2.10.2 are affected by this vulnerability; 2.9.11 and 2.10.3 contain the fix.
Vulnerability Description
When a POST request with a specially-crafted field is submitted to the /dataset/new endpoint in CKAN, an out-of-memory error can be triggered in the hosting server.
Affected Systems and Versions
All CKAN deployments running 2.0.0 through 2.9.10 or 2.10.0 through 2.10.2 are affected, regardless of how CKAN is hosted, because the flaw is in CKAN's handling of the dataset form itself. Versions 2.9.11 and 2.10.3 (and later releases in those lines) are patched.
Exploitation Mechanism
An attacker with a valid session that has dataset create or edit rights submits a POST request containing the specially-crafted field to the /dataset/new endpoint in CKAN, either through the web form or directly. This advisory does not describe the contents of the field; the practical point is that no further privilege is needed beyond what every dataset editor already has.
Mitigation and Prevention
To address CVE-2023-50248, follow these steps:
Immediate Steps to Take
Upgrade CKAN to version 2.9.11 if running any release from 2.0.0 to 2.9.10, or to version 2.10.3 if running 2.10.0 to 2.10.2. Until the upgrade is applied, limit who can create or edit datasets (for example, do not grant dataset-creation rights to self-registered users, and review the ckan.auth.create_dataset_if_not_in_organization setting) and watch the CKAN web workers for memory spikes or OOM kills following POST requests to /dataset/new.
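The ranges above are easy to misread (2.10.3 is the fix, not an affected version), so a small triage helper is useful when checking a fleet of portals. The following is an added example, not CKAN's own code: it classifies a version string against the ranges on this page and reads the version out of a CKAN status_show API response. The status_show response embedded below is a constructed sample and the example.org URL is a placeholder; the ckan_version key is the one CKAN's action API returns from /api/3/action/status_show.

```python
import json
import re
from typing import Optional, Tuple

# Patched releases named in the advisory.
FIXED_2_9 = (2, 9, 11)
FIXED_2_10 = (2, 10, 3)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn 'X.Y.Z', 'vX.Y', or 'X.Y.Za1' into (X, Y, Z).

    Pre-release suffixes are ignored (so a 2.9.11a1 build is treated as 2.9.11);
    anything that does not start with a dotted version yields None.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def cve_2023_50248_status(version: str) -> str:
    """Classify a CKAN version as 'affected', 'fixed', or 'unknown'.

    Affected: 2.0.0 .. 2.9.10 and 2.10.0 .. 2.10.2.
    Fixed:    2.9.11+, 2.10.3+, and anything newer than the 2.10 line.
    Unknown:  unparsable input or versions below 2.0.0, which the
              advisory does not cover.
    """
    v = parse_version(version)
    if v is None or v < (2, 0, 0):
        return "unknown"
    if v[:2] <= (2, 9):            # 2.0.x .. 2.9.x
        return "affected" if v < FIXED_2_9 else "fixed"
    if v[:2] == (2, 10):           # 2.10.x
        return "affected" if v < FIXED_2_10 else "fixed"
    return "fixed"                 # 2.11 and later lie outside the affected ranges


def status_from_status_show(body: str) -> str:
    """Extract 'ckan_version' from a /api/3/action/status_show JSON body and classify it."""
    doc = json.loads(body)
    if not doc.get("success"):
        return "unknown"
    return cve_2023_50248_status(doc.get("result", {}).get("ckan_version", ""))


# Constructed sample response; not captured from a real site.
SAMPLE_STATUS_SHOW = json.dumps({
    "help": "https://example.org/api/3/action/help_show?name=status_show",
    "success": True,
    "result": {"site_title": "Example portal", "ckan_version": "2.10.1"},
})


if __name__ == "__main__":
    for v in ["2.9.10", "2.9.11", "2.10.2", "2.10.3", "2.11.0", "junk"]:
        print(f"{v:8} -> {cve_2023_50248_status(v)}")
    print("status_show sample ->", status_from_status_show(SAMPLE_STATUS_SHOW))
```

In practice the body passed to status_from_status_show comes from an HTTP GET against each portal's /api/3/action/status_show; the comparison is deliberately tuple-based rather than string-based so that 2.9.11 sorts after 2.9.10 and 2.10.3 after 2.10.2.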
Long-Term Security Practices
Regularly update CKAN to the latest version to patch known vulnerabilities and enhance system security.
Patching and Updates
Ensure that all systems running affected versions of CKAN are promptly updated to the patched versions (2.9.11 or 2.10.3, or a later release in the same line) to mitigate the risk of exploitation.