CVE-2021-32699
MEDIUM 6.5 | EPSS 0.05%
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Description
### Impact

All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding.

### Patches

Users should upgrade to `1.4.4`.

### Workarounds

There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created.

### For more information

If you have any questions or comments about this advisory:

* Contact us on [Discord](https://discord.gg/pterodactyl)
* Email us at `dane ät pterodactyl dot io`
Affected packages (2)
- Go/github.com/pterodactyl/wings from 0, < 1.4.4
- Go/github.com/pterodactyl/wings from 0, < 1.4.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |