VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-v1bk-nt8x-tkhq

Vulnerability ID	VCID-v1bk-nt8x-tkhq
Aliases	CVE-2023-50248 GHSA-7fgc-89cx-w8j5
Summary	Improper Handling of Length Parameter Inconsistency CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the `/dataset/new` endpoint (including either the auth cookie or the `Authorization` header) with a specially-crafted field, an attacker can create an out-of-memory error in the hosting server. To trigger this error, the attacker need to have permissions to create or edit datasets. This vulnerability has been patched in CKAN 2.10.3 and 2.9.10.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-130	Improper Handling of Length Parameter Inconsistency
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be
CVE-2023-50248		https://nvd.nist.gov/vuln/detail/CVE-2023-50248
GHSA-7fgc-89cx-w8j5		https://github.com/advisories/GHSA-7fgc-89cx-w8j5
GHSA-7fgc-89cx-w8j5		https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:46:35.169574+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ckan/CVE-2023-50248.yml	38.6.0