Vulnerability Description
octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://github.com/octo-sts/app/commit/74ba874c017cf973edd6711144cf4399a9fcff57
- https://github.com/octo-sts/app/security/advisories/GHSA-75r6-6jg8-pfcq
- https://github.com/octo-sts/app/commit/74ba874c017cf973edd6711144cf4399a9fcff57
- https://github.com/octo-sts/app/security/advisories/GHSA-75r6-6jg8-pfcq
FAQ
What is CVE-2024-34079?
CVE-2024-34079 is a vulnerability with a CVSS score of 3.7 (LOW). octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant tra...
How severe is CVE-2024-34079?
CVE-2024-34079 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-34079?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.