Details
-
Type:
Bug
-
Status: Done
-
Priority:
(None)
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 2.7.1, 3.0.0, 2.6.2, 3.0.0-report
-
Labels:
-
Story Points:1
-
Backlog:yes
-
Days in progress:0
Description
Currently there's a vulnerability in the websocket API in deviceconnect as it will accept and buffer messages of arbitrary, exposing a potential buffer overflow vector.
Acceptance criteria:
- Messages over websockets must be constrain to a certain max size