Comments (2)
cyberw
commented on June 2, 2024
Hi! Please provide some details on how this could impact locust? If it requires shell access it probably isnt very relevant.
from locust.
cyberw
commented on June 2, 2024
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
The locust image is not for running general purpose code, so being able to achieve local privilege escalation by running specific code is not really relevant.
Once an updated glibc is available in the parent image (python:3.11-slim), we'll get it automatically.
from locust.
Related Issues (20)
- Locust spams error if Host is invalid HOT 1
- [LocustLineChart] Implement an option/configuration for users to customize the color of the LocustLineChart. HOT 7
- Add support with logging.config.dictConfig HOT 2
- Modern UI - User class picker - add option to enable/disable everything.
- Allow users to define custom metrics to track HOT 1
- Modern UI: ability to sort tables by column specific column HOT 1
- After launching the web interface and accessing I see CRITICAL/locust.web 404 Not Found in output HOT 4
- Modern UI: Add exception message column on the Exception Statistics HOT 1
- Modern UI: Average Response Time and 95th percentile have the same color HOT 2
- Same API call of the different URL string. HOT 1
- [Report][Modern-UI] HTML report is blank HOT 9
- Feature Request: Support for multiple real users to access the Locust UI simultaneously, each managing their own tests HOT 1
- Bug / Feature request: Time intensive `custom_messages` functions trigger heartbeat timeout HOT 4
- Blank page when accessing Locust Web UI via reverse proxy with subpath HOT 3
- SocketIOUser send method supports specific subscribe request HOT 1
- Statistics not visible while testing WebSockets using User module
- Python Crash during running distributed mode HOT 2
- Workers shutting down with getting no response from master after stopping or ending a load run HOT 3
- Need http2 requests support HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from locust.