No request body size limit on API and webhook servers #59

New Issue

Open

opened 2026-03-30 13:28:53 +00:00 by sharang · 0 comments

sharang commented 2026-03-30 13:28:53 +00:00

Owner

Copy Link

Neither the API server nor webhook server has a body size limit. Attackers can POST arbitrarily large payloads causing OOM. Fix: Add DefaultBodyLimit (2MB API, 64KB webhooks).

Neither the API server nor webhook server has a body size limit. Attackers can POST arbitrarily large payloads causing OOM. Fix: Add DefaultBodyLimit (2MB API, 64KB webhooks).

sharang added the infrastructuresecurityv0.3.0critical labels 2026-03-30 13:28:53 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/multiple-issues

feat/cve-alerts

feat/e2e-tests

feat/help-chat-widget

fix/cascade-delete-repo

feat/refine-llm-prompts

fix/gitea-pr-review-error-handling

test/dummy-bad-code

fix/remove-code-review-from-findings

feat/pentest-onboarding

v0.2.0

Labels

Clear labels

bug

critical

enhancement

high

infrastructure

performance

security

v0.3.0

No Label critical infrastructure security v0.3.0

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

sharang

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sharang/compliance-scanner-agent#59