WS-2021-0492

Date: December 16, 2021

This vulnerability affects all users of the perseus deploy functionality who have not exported their sites to static files. If you are using the inbuilt Perseus server in production, there is a memory leak in Actix Web stemming from this upstream issue which can allow even a single user to cause the process to exhaust its memory on low-memory servers by continuously reloading the page. Note that this issue does not affect all Actix Web applications, but rather results from certain usage patterns which appear to be present in Perseus' server mechanics. Patches: This vulnerability is addressed in all versions after Perseus v0.3.0-beta.21, which temporarily discontinues the use of perseus-actix-web (until the upstream bug is fixed) and switches to perseus-warp instead, which utilizes Warp. Additionally, as of Perseus v0.3.0-beta.22, the Actix Web integration has been upgraded to use the latest unstable beta version of Actix Web, which appears to resolve this issue. However, due to the instability of this version, the default integration will remain Warp for now, and a warning will appear if you attempt to use the Actix Web integration.

Language: RUST