Bugsink Denial-of-Service Vulnerability via Crafted Brotli Compression

Vulnerability

A denial-of-service vulnerability has been identified in Bugsink, a self-hosted error tracking tool, in versions prior to 2.0.6. The issue arises when a specially crafted Brotli-compressed envelope is processed, causing Bugsink to use excessive CPU resources for decompression. This vulnerability can be exploited if the Data Source Name (DSN) is known, which is often the case in common configurations such as JavaScript and mobile applications.

Impact

Exploitation of this vulnerability leads to a significant increase in CPU usage, causing a denial-of-service condition on the affected system.

Remediation

Users can upgrade to Bugsink version 2.0.6 or later to address this vulnerability.
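
An added example (not Bugsink's code and not a description of the 2.0.6 fix) of the general mitigation for this class of issue: decompress request bodies incrementally and stop at a fixed output cap, which bounds the work done per request. It uses Python's standard-library zlib as a stand-in for Brotli; the function names, limits and sample bodies are assumptions.

```python
import zlib

MAX_DECOMPRESSED = 1 * 1024 * 1024  # assumed cap on decompressed body size
CHUNK = 64 * 1024                   # maximum output produced per step


class EnvelopeTooLarge(Exception):
    """Raised when a compressed body expands past the configured cap."""


def bounded_decompress(body: bytes, limit: int = MAX_DECOMPRESSED) -> bytes:
    """Decompress step by step and abort once output exceeds `limit`."""
    d = zlib.decompressobj()
    out = bytearray()
    pending = body
    while not d.eof:
        # max_length caps the output of this call; input not yet consumed
        # is handed back in unconsumed_tail for the next step.
        chunk = d.decompress(pending, CHUNK)
        out += chunk
        if len(out) > limit:
            raise EnvelopeTooLarge(f"decompressed size exceeds {limit} bytes")
        pending = d.unconsumed_tail
        if not chunk and not pending and not d.eof:
            raise ValueError("truncated compressed stream")
    return bytes(out)


def accepts(body: bytes) -> bool:
    """Hypothetical ingest-side check: True only if the body is within limits."""
    try:
        bounded_decompress(body)
        return True
    except (EnvelopeTooLarge, ValueError, zlib.error):
        return False


# Constructed samples: a small event-like body and a highly compressible one.
NORMAL = zlib.compress(b'{"message": "constructed sample event"}')
OVERSIZED = zlib.compress(b"\0" * (4 * 1024 * 1024))

if __name__ == "__main__":
    print("normal accepted:", accepts(NORMAL))
    print("oversized accepted:", accepts(OVERSIZED))
```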

Added: Nov 10, 2025, 10:20 PM
Updated: Nov 10, 2025, 10:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.