Impact
Users hosting their own instance of shields may be vulnerable to a Denial of Service attack. An attacker may be able to crash the server's node process by sending a request with a malformed Authorization header, throwing an unhandled TypeError and leading to an interruption in service.
Patches
The problem was fixed in 09988d9 (PR #5992)
If you install from Docker Hub, run docker pull shieldsio/shields:next to update to the latest version.
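The bug class described under Impact, shown from the defensive side as an added example. This is not the shields code or the change made in 09988d9, which this advisory does not show; the Basic scheme, the names parseBasicAuth, guard and checkAuth, and all sample header values are assumptions constructed for illustration.

```javascript
// Added example: parse an Authorization header so that malformed input
// yields a 401 instead of an exception that could terminate the process.
// All names here are hypothetical; none are shields APIs.

function parseBasicAuth(headerValue) {
  // The header may be absent, or not a string at all.
  if (typeof headerValue !== 'string') return null
  // Require the scheme, at least one space, then a base64 token.
  const match = /^Basic +([A-Za-z0-9+\/]+={0,2})$/i.exec(headerValue.trim())
  if (match === null) return null
  const decoded = Buffer.from(match[1], 'base64').toString('utf8')
  const sep = decoded.indexOf(':')
  if (sep === -1) return null // decoded text has no user:pass separator
  return { user: decoded.slice(0, sep), pass: decoded.slice(sep + 1) }
}

// Second layer: convert any exception raised inside a handler into a
// 500 response, so one bad request cannot become an uncaught exception.
function guard(handler) {
  return function (headers) {
    try {
      return handler(headers)
    } catch (err) {
      return { status: 500, error: err.name }
    }
  }
}

const checkAuth = guard(headers => {
  const creds = parseBasicAuth(headers.authorization)
  return creds === null ? { status: 401 } : { status: 200, user: creds.user }
})

// Constructed sample inputs (not taken from the advisory).
const VALID = 'Basic ' + Buffer.from('alice:s3cret').toString('base64')
const NO_COLON = 'Basic ' + Buffer.from('nocolon').toString('base64')
const SAMPLES = [undefined, '', 'Basic', 'Basic !!!', NO_COLON, VALID]

function statuses() {
  return SAMPLES.map(value => checkAuth({ authorization: value }).status)
}

console.log(statuses().join(','))
// A missing headers object raises a TypeError inside the handler; guard
// turns it into a response instead of letting it propagate.
console.log(checkAuth(undefined))
```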