https://pulp.plan.io/https://pulp.plan.io/favicon.ico2020-06-30T18:02:51ZPulpPulp - Issue #7066: Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`https://pulp.plan.io/issues/7066?journal_id=589372020-06-30T18:02:51ZSimonPe
<ul></ul><p>PR: <a href="https://github.com/pulp/pulpcore/pull/763" class="external">https://github.com/pulp/pulpcore/pull/763</a></p> Pulp - Issue #7066: Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`https://pulp.plan.io/issues/7066?journal_id=590122020-07-02T17:08:43Zdaviddavis
<ul></ul><p>I was able to reproduce this:</p>
<pre><code>$ http :/pulp/content//
</code></pre>
<p>The content app hung for a while and then I saw this in the logs:</p>
<pre><code>Jul 02 19:48:20 pulp3-source-fedora.crake.example.com gunicorn[28299]: [2020-07-02 19:48:20 +0000] [28299] [CRITICAL] WORKER TIMEOUT (pid:28312)
Jul 02 19:48:21 pulp3-source-fedora.crake.example.com gunicorn[28299]: [2020-07-02 19:48:21 +0000] [28337] [INFO] Booting worker with pid: 28337
</code></pre> Pulp - Issue #7066: Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`https://pulp.plan.io/issues/7066?journal_id=591402020-07-07T14:44:45Zfao89
<ul><li><strong>Triaged</strong> changed from <i>No</i> to <i>Yes</i></li><li><strong>Sprint</strong> set to <i>Sprint 76</i></li></ul> Pulp - Issue #7066: Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`https://pulp.plan.io/issues/7066?journal_id=591752020-07-08T15:13:42Zdaviddavis
<ul><li><strong>Status</strong> changed from <i>NEW</i> to <i>POST</i></li><li><strong>Assignee</strong> set to <i>SimonPe</i></li></ul> Pulp - Issue #7066: Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`https://pulp.plan.io/issues/7066?journal_id=594192020-07-10T18:32:30Zrchan
<ul><li><strong>Sprint</strong> changed from <i>Sprint 76</i> to <i>Sprint 77</i></li></ul> Pulp - Issue #7066: Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`https://pulp.plan.io/issues/7066?journal_id=599872020-07-27T11:38:56ZSimonPe
<ul><li><strong>Status</strong> changed from <i>POST</i> to <i>MODIFIED</i></li></ul><p>Applied in changeset <a class="changeset" title="don't go into an infinite loop when `CONTENT_PATH_PREFIX` is followed by `/` this would cause `p..." href="https://pulp.plan.io/projects/pulp/repository/pulpcore/revisions/244988496900843a412e42ebff95468a4e682635">pulpcore|244988496900843a412e42ebff95468a4e682635</a>.</p> Pulp - Issue #7066: Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`https://pulp.plan.io/issues/7066?journal_id=608342020-08-13T20:20:37Zdkliban@redhat.com
<ul><li><strong>Sprint/Milestone</strong> set to <i>3.6.0</i></li></ul> Pulp - Issue #7066: Denial of Service in pulp-content when CONTENT_PATH_PREFIX is followed by a `/`https://pulp.plan.io/issues/7066?journal_id=608962020-08-13T21:38:50Zpulpbot
<ul><li><strong>Status</strong> changed from <i>MODIFIED</i> to <i>CLOSED - CURRENTRELEASE</i></li></ul>