OSC Open OnDemand
cpe:2.3:a:osc:open_ondemand:*:*:*:*:*:*:*
- >= 1.6
A denial-of-service vulnerability has been identified in Open OnDemand, an open-source HPC portal. Users can generate excessive errors in the shell application, leading to the creation of large log files. This log flooding causes a denial-of-service condition on the OnDemand system. The vulnerability affects Open OnDemand versions 1.6 and above, prior to 3.1.14 and 4.0.6.
Excessive log generation can create very large log files, causing a denial-of-service condition on the OnDemand system.
Upgrade to Open OnDemand 3.1.14 or 4.0.6, where this vulnerability has been patched. Centers may also apply the patch manually by replicating the changes from GitHub pull request #4461 in the file '/var/www/ood/apps/sys/shell/app.js'.
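For triage across several portals, the version ranges above can be checked mechanically. The script below is an added example, not part of the advisory or of Open OnDemand; the function names are hypothetical, and it assumes that 3.1.x releases from 3.1.14 onward and 4.x releases from 4.0.6 onward carry the fix.

```sh
#!/bin/sh
# Added example, not Open OnDemand code: classify a version string against
# the ranges in this advisory (affected: >= 1.6, fixed in 3.1.14 and 4.0.6).
# Assumption: 3.1.x >= 3.1.14 and 4.x >= 4.0.6 are treated as patched.

# triple V: print "major minor patch" for a dotted version, missing fields = 0.
triple() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0}"
}

# ver_lt A B: succeed when version A sorts strictly before version B.
ver_lt() {
    set -- $(triple "$1") $(triple "$2")
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# ood_status VERSION: print affected | patched | not-affected | unknown.
ood_status() {
    v=${1#v}; v=${v%%[-+~]*}     # drop a leading "v" and a package release suffix
    case $v in ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;; esac
    if ver_lt "$v" 1.6; then echo not-affected
    elif ver_lt "$v" 4.0.0; then
        # 1.6 up to the 3.1 branch: fixed in 3.1.14
        if ver_lt "$v" 3.1.14; then echo affected; else echo patched; fi
    elif ver_lt "$v" 4.0.6; then echo affected
    else echo patched
    fi
}

# Stand-alone use: ./ood_check.sh 3.1.7-1.el8
if [ $# -gt 0 ]; then ood_status "$1"; fi
```

A result of "patched" reflects the version number only; a center that applied the pull request by hand on an older release will still be reported as "affected".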