Improper Input Validation in athou/commafeed


Reported on Jul 23rd 2022


Input validation is a frequently used technique for checking potentially dangerous inputs to ensure they are safe to process within the code or to pass to other components. When software does not validate input properly, an attacker can craft input in a form the rest of the application does not expect. Parts of the system then receive unintended input, which may alter control flow. In CommaFeed, no upper bound is set on the number of characters (including special characters) accepted in the name field of a category, so bulk or oversized inputs can be submitted against the demo instance.

Steps to reproduce

Step 1. Go to -

Step 2. Register and sign in

Step 3. Navigate to:

Step 4. Enter an unbounded number of characters in the Name field; no length limit is enforced

Step 5. Done

Proof of Concept

PoC Image link:


-> Denial of Service -> This vulnerability can bring down availability if no maximum length (e.g. 128 characters) is enforced on the mentioned field.
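An added example of the missing check, written for this page and not CommaFeed's own code (it does not reproduce the project's fix): a validator that caps the category name at the 128 characters the report suggests, used by a hardened handler shown beside an unbounded handler that mirrors the reported behaviour. The request-body cap, the JSON request shape, the control-character rule and the in-memory store are assumptions for illustration; the inputs are constructed and include the bulk input from the report, a decomposed-Unicode name and a name with an embedded control character.

```python
"""Bounded validation of a user-supplied category name.

Added example for this report; it is not CommaFeed's own code and does not
reproduce the 2.6.0 fix. The 128-character cap mirrors the maximum suggested
in the report; the request-body cap, the control-character rule, the JSON
request shape and the in-memory store are assumptions for illustration.
"""
import json
import unicodedata

MAX_NAME_LENGTH = 128       # maximum suggested in the report
MAX_REQUEST_BYTES = 4096    # assumed cap on the raw body, checked before parsing


class ValidationError(ValueError):
    """Raised when a request is rejected before anything is stored."""


def validate_category_name(raw, max_length=MAX_NAME_LENGTH):
    """Return a normalised, bounded name or raise ValidationError.

    Length is counted in Unicode code points after NFC normalisation, so a
    name built from decomposed sequences is measured the same way as its
    precomposed form, and the stored value is always in one canonical form.
    """
    if not isinstance(raw, str):
        raise ValidationError("name must be a string")
    name = unicodedata.normalize("NFC", raw).strip()
    if not name:
        raise ValidationError("name must not be empty")
    if len(name) > max_length:
        raise ValidationError(f"name exceeds {max_length} characters")
    # Unicode general categories starting with C: control, format,
    # surrogate, private-use and unassigned code points.
    if any(unicodedata.category(ch).startswith("C") for ch in name):
        raise ValidationError("name contains control or format characters")
    return name


def create_category_unbounded(store, body):
    """The behaviour the report describes: whatever arrives is stored."""
    store.append({"id": len(store) + 1, "name": body["name"]})
    return store[-1]


def create_category_bounded(store, body_bytes):
    """Hardened handler: body-size cap, then field validation, then storage."""
    if len(body_bytes) > MAX_REQUEST_BYTES:
        raise ValidationError("request body too large")
    body = json.loads(body_bytes)
    name = validate_category_name(body.get("name"))
    store.append({"id": len(store) + 1, "name": name})
    return store[-1]


# Constructed inputs for the demonstration (not captured traffic).
CASES = {
    "normal": "Security news",
    "at_limit": "x" * MAX_NAME_LENGTH,
    "over_limit": "x" * (MAX_NAME_LENGTH + 1),
    "flood": "A" * 1_000_000,                   # the bulk input from the report
    "blank": "   ",
    "control": "news\u0000feed",
    "decomposed": "e\u0301" * MAX_NAME_LENGTH,  # 256 code points raw, 128 after NFC
}


def run_demo():
    """Run both handlers over CASES; returns per-case outcomes."""
    results = {}
    for label, name in CASES.items():
        body_bytes = json.dumps({"name": name}).encode("utf-8")
        unbounded_store, bounded_store = [], []
        stored = create_category_unbounded(unbounded_store, json.loads(body_bytes))
        try:
            accepted = create_category_bounded(bounded_store, body_bytes)
            verdict = "accepted"
            bounded_chars = len(accepted["name"])
        except ValidationError as exc:
            verdict = f"rejected: {exc}"
            bounded_chars = 0
        results[label] = {
            "unbounded_stored_chars": len(stored["name"]),
            "bounded_stored_chars": bounded_chars,
            "bounded": verdict,
        }
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label:>11}: unbounded stored {outcome['unbounded_stored_chars']} chars, "
              f"bounded {outcome['bounded']}")
```

Running the module prints each case. The hardened handler rejects the bulk input on body size before the JSON is parsed, which is what keeps an oversized request from consuming parser memory; the per-field cap then handles inputs small enough to parse. A limit enforced only in the browser form is bypassable with a direct request, so the check belongs on the server.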

We are processing your report and will contact the athou/commafeed team within 24 hours. a year ago
A GitHub Issue asking the maintainers to create a exists a year ago
We have contacted a member of the athou/commafeed team and are waiting to hear back a year ago
Jérémie Panzer validated this vulnerability a year ago
7h3h4ckv157 has been awarded the disclosure bounty
Jérémie Panzer marked this as fixed in 2.6.0 with commit fe8756 a year ago
This vulnerability will not receive a CVE
Jérémie Panzer gave praise a year ago
a year ago


My pleasure! ❤

a year ago


@maintainer Can we go for a CVE?
