CVE-2023-50248

Summary

CVE-2023-50248 is a vulnerability affecting the open-source data management system CKAN, used for powering data hubs and data portals. Versions 2.0.0 and prior to 2.9.10 and 2.10.3 contain a flaw, where a malicious actor with permissions to create or edit datasets can cause an out-of-memory error on the hosting server. This is triggered by making a POST request to the `/dataset/new` endpoint, containing a specially-crafted field. This issue has been addressed in CKAN versions 2.10.3 and 2.9.10, making it essential for users to update their systems promptly to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.