wger has an Uncontrolled Resource Consumption issue — GHSA-V25J-WQCW-FVHJ
GitHub · GitHub · GHSA-V25J-WQCW-FVHJ
ID
GHSA-V25J-WQCW-FVHJ
GHSA-V25J-WQCW-FVHJ
Date
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
medium
medium
CVSS
6.5
6.5
Summary
### Summary Any authenticated user can create a routine spanning an arbitrarily long date range (e.g. 100 years) and then trigger the `date_sequence` computation via any of the routine detail endpoints. The server iterates once per day in an unbounded `while` loop with no maximum duration validation, causing a single HTTP request to consume multiple seconds of server CPU and return a response containing tens of…
Product
pip: wger
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.