| Vulnerability ID | VCID-t3gx-x14x-2bf9 |
| Aliases | CVE-2023-50248, GHSA-7fgc-89cx-w8j5 |
| Summary | Improper Handling of Length Parameter Inconsistency. CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker needs to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 0.0 |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.00181 | https://api.first.org/data/v1/epss?cve=CVE-2023-50248 |
| cvssv3.1 | 4.5 | https://github.com/ckan/ckan |
| generic_textual | MODERATE | https://github.com/ckan/ckan |
| cvssv3.1 | 4.5 | https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be |
| generic_textual | MODERATE | https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be |
| cvssv3.1 | 4.5 | https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5 |
| generic_textual | MODERATE | https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5 |
| cvssv3.1 | 4.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-50248 |
| generic_textual | MODERATE | https://nvd.nist.gov/vuln/detail/CVE-2023-50248 |
| Reference id | Reference type | URL |
|---|---|---|
| | | https://api.first.org/data/v1/epss?cve=CVE-2023-50248 |
| | | https://github.com/ckan/ckan |
| | | https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be |
| CVE-2023-50248 | | https://nvd.nist.gov/vuln/detail/CVE-2023-50248 |
| GHSA-7fgc-89cx-w8j5 | | https://github.com/advisories/GHSA-7fgc-89cx-w8j5 |
| GHSA-7fgc-89cx-w8j5 | | https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5 |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
| network adjacent_network local physical | low high | none low high | none required | unchanged changed | high low none | high low none | high low none |
| Percentile | 0.39592 |
| EPSS Score | 0.00181 |
| Published At | May 30, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-30T21:02:47.739224+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ckan/CVE-2023-50248.yml | 38.6.0 |