VYPR

CWE-1088

Synchronous Access of Remote Resource without Timeout

BaseIncomplete

Description

The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (5)

  • CVE-2025-4656Jun 25, 2025
    risk 0.00cvss epss 0.00

    Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0,…

  • CVE-2024-12777Mar 20, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. The lack of an…

  • CVE-2024-8062Mar 20, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to…

  • CVE-2024-8061Mar 20, 2025
    risk 0.00cvss epss 0.00

    In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while…

  • CVE-2011-4137Oct 19, 2011
    risk 0.00cvss epss 0.03

    The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via…