By Tomaz Muraus

We are announcing StackStorm v3.4.1, a bug fix release which fixes a recently uncovered security issue.

The issue affects anyone who is running StackStorm under Python 3 and whose system locale / encoding used for the StackStorm service processes (st2api, st2actionrunner, etc.) is not set to UTF-8. Under such conditions, if StackStorm receives a payload that contains unicode characters and that payload also ends up being logged, the StackStorm process goes into an infinite loop trying to decode that payload.

This causes the affected service to have high CPU utilization and its log file to grow until either the process is killed or all the available disk space is exhausted (effectively a DoS).
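To check whether a service environment meets the affected condition described above (no UTF-8 locale / encoding for the service process), the following added example resolves the effective locale from the environment variables and tests whether its codec can encode a unicode payload. It is not StackStorm code; the function names, the sample payload and the sample environments are constructed for illustration, and it inspects only what the environment declares.

```python
import codecs

# Constructed sample payload containing non-ASCII characters.
SAMPLE_PAYLOAD = "caf\u00e9 \u2713 \u65e5\u672c\u8a9e"

def effective_locale(env):
    """POSIX precedence: LC_ALL, then LC_CTYPE, then LANG; empty counts as unset."""
    for var in ("LC_ALL", "LC_CTYPE", "LANG"):
        value = env.get(var, "")
        if value:
            return var, value
    return None, "C"  # nothing set: the POSIX default locale

def codeset_of(locale_name):
    """Return the codeset from 'lang_TERRITORY.codeset@modifier', or None."""
    name = locale_name.split("@", 1)[0]
    return name.split(".", 1)[1] if "." in name else None

def check_service_env(env):
    """Report whether the environment declares UTF-8 and can encode the payload."""
    source, loc = effective_locale(env)
    codeset = codeset_of(loc)
    result = {"source": source, "locale": loc, "codeset": codeset,
              "utf8": False, "can_log_unicode": False}
    if codeset is None:
        return result  # C/POSIX or a bare name such as 'en_US': no UTF-8 declared
    try:
        info = codecs.lookup(codeset)
    except LookupError:
        return result  # codeset unknown to Python: treat as not UTF-8
    result["utf8"] = info.name == "utf-8"
    try:
        SAMPLE_PAYLOAD.encode(info.name)
        result["can_log_unicode"] = True
    except UnicodeEncodeError:
        pass
    return result

def at_risk(services):
    """Names of services whose environment does not declare a UTF-8 codeset."""
    return sorted(n for n, env in services.items() if not check_service_env(env)["utf8"])

if __name__ == "__main__":
    # Constructed environments, keyed by the service names the post mentions.
    services = {
        "st2api": {"LANG": "en_US.UTF-8"},
        "st2actionrunner": {"LANG": "en_US.UTF-8", "LC_ALL": "C"},  # LC_ALL wins
    }
    for name in at_risk(services):
        print(name, check_service_env(services[name]))
```

On a live host, the dictionary for a service can be built from the null-separated contents of `/proc/<pid>/environ` for that process.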