CVE-2021-28667
First published: Thu Mar 18 2021(Updated: )
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/st2client | <3.4.1 | 3.4.1 |
| Stackstorm Stackstorm | <3.4.1 | |
| Python Python | <3.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-28667?
CVE-2021-28667 is a vulnerability in StackStorm before version 3.4.1 that can cause an infinite loop and consume all available memory and disk space in certain situations.
How does CVE-2021-28667 affect StackStorm?
CVE-2021-28667 affects StackStorm before version 3.4.1 when Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name.
What is the severity of CVE-2021-28667?
The severity of CVE-2021-28667 is rated as high with a CVSS score of 7.5.
How can I fix CVE-2021-28667?
To fix CVE-2021-28667, update StackStorm to version 3.4.1.
Where can I find more information about CVE-2021-28667?
You can find more information about CVE-2021-28667 on the NIST NVD website, the StackStorm website, and the GitHub advisory page.
- collector/github-advisory
- alias/GHSA-39mj-fpg2-3jrg
- alias/CVE-2021-28667
- collector/github-advisory-latest
- collector/nvd-index
- collector/nvd-cve
- package-manager/pip
- vendor/stackstorm
- canonical/stackstorm stackstorm
- vendor/python
- canonical/python python