References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-400

CWE-779

https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2

https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4

https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524