Customer Review App
A locally authenticated low-privilege user can trigger a denial of service in SourceCodester Customer Review App 1.0 through crafted input to the add_review, save_review, or get_all_reviews functions in review_app.py. Manipulating the name or comment arguments causes improper resource shutdown or release (CWE-404), making the application unavailable. At the time of analysis, no confirmed active exploitation was recorded per CISA KEV, but a publicly available proof-of-concept exists on Pastebin (https://pastebin.com/Ud5vaGp6), lowering the bar for reproduction.