Potential out-of-memory in AbstractSockJsService [SPR-10893] #15521

@spring-projects-issues

Sergey Shcherbakov opened SPR-10893 and commented

The knownSockJsPrefixes set grows with every distinct request path and never gets cleared in the AbstractSockJsService.
This actually presents a potential memory leakage and "out of memory" attack threat.
This may happen when the client uses unique paths in requests to connect to the SockJS service and the validSockJsPrefixes list is configured to be empty to handle SockJS HTTPs requests with dynamic paths.


Affects: 4.0 M3

Referenced from: commits 02cb866
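
The growth pattern reported above, modelled as an added example that is not Spring's code and not the fix in the referenced commit: a set that remembers every distinct prefix, next to a size-capped LRU map. The class name, the `MAX_ENTRIES` limit and the choice of LRU eviction are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class PrefixCacheDemo {

    // Pattern described in the issue: every distinct path prefix is
    // remembered and nothing is ever evicted.
    static final Set<String> unbounded = ConcurrentHashMap.newKeySet();

    // Hypothetical cap (assumption); size it to the number of prefixes
    // a deployment legitimately serves.
    static final int MAX_ENTRIES = 1000;

    // Access-ordered LinkedHashMap that drops the least recently used
    // entry once the cap is exceeded, so memory use stays bounded.
    static final Map<String, Boolean> bounded = Collections.synchronizedMap(
        new LinkedHashMap<String, Boolean>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, Boolean> eldest) {
                return size() > MAX_ENTRIES;
            }
        });

    // Record a prefix in both structures, as a service would on each request.
    static void remember(String prefix) {
        unbounded.add(prefix);
        bounded.put(prefix, Boolean.TRUE);
    }

    public static void main(String[] args) {
        // Constructed input: 100,000 in-memory path strings, each unique.
        for (int i = 0; i < 100_000; i++) {
            remember("/dynamic/" + i + "/sockjs");
        }
        // The set holds one entry per distinct path; the LRU map never
        // holds more than MAX_ENTRIES.
        System.out.println("unbounded entries: " + unbounded.size());
        System.out.println("bounded entries:   " + bounded.size());
    }
}
```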

Labels: in: web (issues in web modules: web, webmvc, webflux, websocket); type: enhancement (a general enhancement)
