python · bugsink · Heads-up
Bugsink DoS via excessive custom tags
What changed
Bugsink versions before 2.2.2 are vulnerable to a denial of service via excessive custom tags in an event, causing delayed ingestion for other events.
Who it affects
Bugsink instances that accept events from DSN holders, especially if DSNs are exposed in client-side applications.
What to do today
Update to version 2.2.2, which caps the number of tags per event (default 100, configurable via MAX_EVENT_TAGS).
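The sketch below is an added example, not Bugsink's own code. It checks a version string against the fixed release and shows what a per-event tag cap of 100 does to an oversized event. The function names, the assumption that `tags` arrives as a mapping or a list of pairs, and the choice to truncate rather than reject are illustrative, since the page does not say how Bugsink enforces the cap.

```python
# Added illustration, not Bugsink's code.
FIXED_VERSION = (2, 2, 2)       # release that adds the cap, per the advisory
DEFAULT_MAX_EVENT_TAGS = 100    # default of MAX_EVENT_TAGS, per the advisory


def parse_version(text):
    """Turn '2.2.1' into (2, 2, 1); a non-numeric suffix on a part is ignored."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits or 0))
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version_text):
    """True for versions before 2.2.2."""
    return parse_version(version_text) < FIXED_VERSION


def cap_event_tags(event, limit=DEFAULT_MAX_EVENT_TAGS):
    """Keep at most `limit` tags in place and return how many were dropped.

    Assumption: `tags` is a mapping or a list of [key, value] pairs.
    """
    tags = event.get("tags")
    if isinstance(tags, dict):
        total = len(tags)
        event["tags"] = dict(list(tags.items())[:limit])
    elif isinstance(tags, list):
        total = len(tags)
        event["tags"] = tags[:limit]
    else:
        return 0  # no tags, or a shape this sketch does not handle
    return max(0, total - limit)


if __name__ == "__main__":
    # Constructed sample event carrying 250 custom tags.
    sample = {"message": "demo", "tags": {f"key{i}": "v" for i in range(250)}}
    print("2.2.1 affected:", is_affected("2.2.1"))
    print("dropped:", cap_event_tags(sample), "kept:", len(sample["tags"]))
```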