Description

Versions of apostrophe prior to 2.97.1 are vulnerable to Denial of Service. The apostrophe-jobs module sets a callback for each incoming job and does not clear it regardless of the job's status. The server therefore accumulates callbacks, allowing an attacker to start a large number of jobs and exhaust system memory.
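A constructed illustration of the defect class the description names (not apostrophe-jobs' own code): a job registry that stores one completion callback per job, shown in a leaky form that never releases the entry and a hardened form that releases it on every outcome and caps in-flight jobs. `LeakyJobs`, `BoundedJobs` and `simulate` are hypothetical names.

```javascript
// Constructed model of the defect class described above; not apostrophe-jobs' code.
// A registry keeps one completion callback per job; the leaky variant never
// releases the entry, so memory grows with every job ever started.
class LeakyJobs {
  constructor() { this.callbacks = new Map(); this.nextId = 1; } // jobId -> callback
  start(onDone) {
    const id = this.nextId++;
    this.callbacks.set(id, onDone);
    return id;
  }
  finish(id, status) {
    const cb = this.callbacks.get(id);
    if (cb) cb(status);
    // Defect: the entry stays in the Map whatever the status was.
  }
  retained() { return this.callbacks.size; }
}

// Hardened variant: the entry is released on every outcome, and the number of
// in-flight jobs is capped so a flood of new jobs cannot grow the registry unbounded.
class BoundedJobs extends LeakyJobs {
  constructor(maxPending = 100) { super(); this.maxPending = maxPending; }
  start(onDone) {
    if (this.callbacks.size >= this.maxPending) throw new Error('too many pending jobs');
    return super.start(onDone);
  }
  finish(id, status) {
    const cb = this.callbacks.get(id);
    this.callbacks.delete(id); // release regardless of status
    if (cb) cb(status);
  }
}

// Runs n jobs to completion (alternating success/failure) and reports how many
// callbacks the registry still holds afterwards.
function simulate(JobsClass, n) {
  const jobs = new JobsClass();
  let completed = 0;
  for (let i = 0; i < n; i++) {
    const id = jobs.start(() => { completed++; });
    jobs.finish(id, i % 2 === 0 ? 'completed' : 'failed');
  }
  return { completed, retained: jobs.retained() };
}
```

Running `simulate` with both classes shows the leaky registry still holding one callback per finished job while the hardened one holds none.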
Recommendation

Update the apostrophe package to the latest compatible version. Version details:
- Affected version(s): < 2.97.1
- Patched version(s): 2.97.1
Tags: npm, apostrophe
Last updated on January 09, 2023