As part of a proactive security audit, we discovered and corrected the following vulnerability. We recommend all self-hosted installations of Humio update to the latest security release.
Insecure deserialization of YAML
Status: Fixed in Humio 1.10.1
Classification: Medium
Fixed an issue related to insecure deserialization of YAML files in our Dashboard Template files. The issue would have made it possible for an authenticated user to craft a recursive YAML file that, when uploaded, would exhaust the node responsible for reading the file. We found no evidence that this exploit has been utilized on our cloud.
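
The advisory does not say how the recursive file was built. Assuming it relied on YAML anchors and aliases, the added example below (not Humio's code or its actual fix) shows a generic pre-load guard using Ruby's bundled Psych that bounds upload size, nesting depth and the node count after alias expansion. `TemplateRejected`, `expanded_size`, `load_dashboard_template` and the three limits are hypothetical names and values.

```ruby
require "psych"

# Added example: names and limits are assumptions, not Humio's code.
class TemplateRejected < StandardError; end

MAX_BYTES = 256 * 1024  # assumed cap on the uploaded file
MAX_NODES = 10_000      # assumed cap on nodes after alias expansion
MAX_DEPTH = 64          # assumed cap on nesting depth

# Size of `node` as if every alias were expanded in place. An alias costs the
# memoized size of its anchor, so the check stays linear in the file size.
def expanded_size(node, sizes, budget, depth = 0)
  raise TemplateRejected, "nesting deeper than #{MAX_DEPTH}" if depth > MAX_DEPTH
  if node.is_a?(Psych::Nodes::Alias)
    # An anchor still being defined (or never defined) has no size yet.
    size = sizes[node.anchor]
    raise TemplateRejected, "alias *#{node.anchor} is recursive or undefined" unless size
    return size
  end
  anchor = node.respond_to?(:anchor) ? node.anchor : nil
  sizes.delete(anchor) if anchor         # redefinition: old size is stale
  size = 1
  (node.children || []).each do |child|  # scalars have no children
    size += expanded_size(child, sizes, budget, depth + 1)
    raise TemplateRejected, "expands past #{budget} nodes" if size > budget
  end
  sizes[anchor] = size if anchor
  size
end

# Validates an uploaded template, then loads it with the safe loader.
def load_dashboard_template(text, budget: MAX_NODES)
  raise TemplateRejected, "larger than #{MAX_BYTES} bytes" if text.bytesize > MAX_BYTES
  doc = Psych.parse(text)
  raise TemplateRejected, "empty document" unless doc
  expanded_size(doc, {}, budget)
  Psych.safe_load(text, aliases: true)
rescue Psych::Exception => e
  raise TemplateRejected, "invalid YAML: #{e.message}"
end

# Constructed sample: one anchored list reused by two widgets.
SAMPLE = <<~YAML
  name: Example dashboard
  defaults: &q [count, avg, max]
  widgets:
    - {title: A, functions: *q }
    - {title: B, functions: *q }
YAML
```

Because the guard walks the parsed node tree rather than the loaded object graph, a rejected file is never materialized in memory.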