Memory Leak as Denial of service attack

jjrabadan
Partner

Memory Leak as Denial of service attack

Good morning:

I'd like to know if the community versions of Alfresco also have this issue. If so, are there any patches ready to fix this problem?

Thank you.

Best regards,

5 Replies
angelborroy
Alfresco Employee

Re: Memory Leak as Denial of service attack

Could you give more details on the issue?

I'm not aware of any similar to the one you describe.

Hyland Developer Evangelist
Coin
Member II

Re: Memory Leak as Denial of service attack

We received this email from Hyland last Friday:

Screenshot 2022-11-21 at 16.37.39.png

But I'm unable to access the detail page for this. @angelborroy is there a CVE description with details about version & general impact of this vulnerability?

Thanks!

angelborroy
Alfresco Employee

Re: Memory Leak as Denial of service attack

I'm not able to find that Technical Bulletin, not sure if that was published / distributed by error.

Hyland Developer Evangelist
jjrabadan
Partner

Re: Memory Leak as Denial of service attack

Hello, Angel:

Thank you for your answer. Can you verify this point with the development team? If this security issue also happens on Community edition, a patch is needed (in order to set the maximum memory a script can manage). There are several customers in the world that use Alfresco Community in a production environment...

Thank you.

Best regards.

angelborroy
Alfresco Employee

Re: Memory Leak as Denial of service attack

Server side JavaScript code in Alfresco Repository is allowed, but this is mainly restricted to administrator users. The product can be limited / restricted in features in order to protect yourself from your administrators... but does this make sense?

Hyland Developer Evangelist