pcollections icon indicating copy to clipboard operation
pcollections copied to clipboard
verified publisher icon hrldcpr

Potential DoS via PCollections

Open ignasi35 opened this issue 7 years ago • 4 comments

I'd rather not disclose details yet to prevent zero-day.

@hrldcpr what is your preferred channel to report security-related issues?

ignasi35 avatar Oct 17 '18 11:10 ignasi35

Hi Ignasi, please use the email in my github profile. And thanks for bug-finding and discretion!

hrldcpr avatar Oct 17 '18 17:10 hrldcpr

If this situation is resolved, can the ticket be closed? Or is the situation that led to the DoS still an open issue?

bowbahdoe avatar Sep 19 '20 21:09 bowbahdoe

Thanks for checking on this, sad to say the issue still exists. It's quite a lot of work to fix though, but also isn't super critical in my opinion (Java Collections had the same issue for at least a decade).

I'll see if I can open some issues that would help lead to fixing it, and maybe someone can take a crack at it.

hrldcpr avatar Sep 20 '20 14:09 hrldcpr

👋 @hrldcpr in the meantime can you elaborate more on the issue at hand? we (at snyk) would like to add it to our vulnerability db if it is valid.

gurshafriri avatar Sep 21 '20 13:09 gurshafriri