InvenTree Uncontrolled Memory Allocation Vulnerability in Label-Sheet Plugin Allowing Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in InvenTree, an open-source inventory management system, in versions prior to 0.17.13. The issue arises in the built-in label-sheet plugin, where the skip field (the number of sheet cells to leave empty before the first label) has no upper limit. Because the value is not bounded, an authenticated user with permission to print labels can submit an arbitrarily large skip value, causing the server to allocate an excessively large Python list. The resulting memory exhaustion can lead to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes memory exhaustion on the server, leading to a denial-of-service condition where the application may become unresponsive or slow down significantly.
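The following is an added illustration of the bug class described above, not InvenTree's own code: a hypothetical label-sheet layout helper that shows the unbounded pattern (list length grows with the caller-controlled skip value) beside a hardened version that validates skip against the number of cells on one sheet and computes label positions arithmetically, so memory use depends only on the number of labels. The SheetLayout class, the function names and the 3x2 sheet used below are constructed for this example.

```python
"""Hypothetical label-sheet layout helper (example code, not InvenTree's)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SheetLayout:
    """Grid of label cells on one printed sheet (constructed for this example)."""
    columns: int
    rows: int

    @property
    def cells_per_page(self) -> int:
        return self.columns * self.rows


def plan_unbounded(layout: SheetLayout, n_labels: int, skip: int) -> list:
    """Vulnerable pattern: the cell list is padded with one entry per skipped
    cell, so its length (and the allocation) grows linearly with a value the
    client controls. Shown only to make the failure mode concrete."""
    cells = [None] * skip          # O(skip) allocation, no upper bound
    cells.extend(range(n_labels))  # label indices follow the padding
    return cells


def validate_skip(layout: SheetLayout, skip: int) -> int:
    """Hardened input check: skip must be a non-negative integer smaller than
    the number of cells on a single sheet. Skipping a whole sheet or more is
    never meaningful, so anything larger is rejected before any allocation."""
    if isinstance(skip, bool) or not isinstance(skip, int):
        raise ValueError("skip must be an integer")
    if not 0 <= skip < layout.cells_per_page:
        raise ValueError(
            f"skip must be in the range 0..{layout.cells_per_page - 1}"
        )
    return skip


def plan_bounded(layout: SheetLayout, n_labels: int, skip: int) -> list:
    """Hardened layout: returns one (page, row, column) tuple per label.
    Skipped cells are expressed as an offset in the arithmetic rather than
    materialised, so memory is O(n_labels) regardless of skip."""
    skip = validate_skip(layout, skip)
    per_page = layout.cells_per_page
    positions = []
    for i in range(n_labels):
        slot = skip + i                      # absolute cell index across pages
        page, cell = divmod(slot, per_page)  # which sheet, which cell on it
        row, col = divmod(cell, layout.columns)
        positions.append((page, row, col))
    return positions


if __name__ == "__main__":
    sheet = SheetLayout(columns=3, rows=2)   # constructed 6-cell sheet
    print(plan_unbounded(sheet, n_labels=2, skip=3))
    print(plan_bounded(sheet, n_labels=4, skip=4))
    try:
        plan_bounded(sheet, n_labels=1, skip=10**9)
    except ValueError as exc:
        print("rejected:", exc)
```

The hardened version also illustrates the detection angle: a request whose skip value is at or above the cells-per-sheet count is never legitimate, so logging those rejections gives a cheap signal for abuse attempts against an unpatched instance.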

Remediation

Upgrade to InvenTree version 0.17.13 or later to address this vulnerability. No workaround is available for earlier versions.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.