Vulnerability Details CVE-2022-25897
The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.5%
CVSS Severity
CVSS v3 Score 5.9
References
- https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5
- https://github.com/eclipse/milo/issues/1030
- https://github.com/eclipse/milo/pull/1031
- https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191
- https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5
- https://github.com/eclipse/milo/issues/1030
- https://github.com/eclipse/milo/pull/1031
- https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191