
GHSA-PJ6Q-4VQ4-R8CG: Unauthenticated Resource Exhaustion and State Manipulation in Ech0 API

DEV Community·CVE Reports·25 days ago

Vulnerability ID: GHSA-PJ6Q-4VQ4-R8CG
CVSS Score: 5.3
Published: 2026-05-07

The Ech0 lightweight publishing platform exposes an unauthenticated, rate-unlimited API endpoint that permits arbitrary modification of content metrics. Because this endpoint directly triggers database transactions and simultaneously invalidates multiple application cache layers, it serves as an exploitable vector for resource exhaustion Denial of Service (DoS) and cache-stampede attacks.

TL;DR

An unauthenticated API endpoint in Ech0 allows attackers to artificially inflate post metrics. Repeated requests force heavy database writes and cache invalidations, causing severe resource exhaustion and denial of service.…
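An added example, not Ech0's code or the advisory's fix: one way to blunt this class of issue is to cap how many metric updates each client may submit per flush interval and to batch the accepted ones, so the database write and the cache invalidation run once per interval instead of once per request. Guard, Allow, Flush, the client key and the post IDs are hypothetical names.

```go
package main

import (
	"fmt"
	"sync"
)

// Guard sits in front of a public metric-increment handler (hypothetical).
// It enforces a per-client budget and accumulates accepted increments.
type Guard struct {
	mu      sync.Mutex
	limit   int            // accepted requests per client per flush interval
	seen    map[string]int // client key (e.g. source IP) -> requests this interval
	pending map[string]int // post ID -> increments not yet written
}

func NewGuard(limit int) *Guard {
	return &Guard{limit: limit, seen: map[string]int{}, pending: map[string]int{}}
}

// Allow records one increment for postID. It returns false once the client
// has used its budget; the handler would then answer 429 and touch nothing.
func (g *Guard) Allow(client, postID string) bool {
	g.mu.Lock()
	defer g.mu.Unlock()
	g.seen[client]++
	if g.seen[client] > g.limit {
		return false
	}
	g.pending[postID]++
	return true
}

// Flush returns the batched increments and starts a new interval. A ticker
// calls it, writes the batch in one transaction, then invalidates each
// affected cache entry once.
func (g *Guard) Flush() map[string]int {
	g.mu.Lock()
	defer g.mu.Unlock()
	out := g.pending
	g.pending, g.seen = map[string]int{}, map[string]int{}
	return out
}

func main() {
	g := NewGuard(5)
	for i := 0; i < 100; i++ { // constructed burst: 100 requests from one client
		g.Allow("203.0.113.7", "post-1")
	}
	fmt.Println(g.Flush()) // one batched write of 5 instead of 100 writes
}
```

Because both maps are reset on every flush, the memory the guard holds is bounded by the traffic of a single interval.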
