|Release Date:||2014-03-03 (Last update can be found below the document title)|
|Description:||False Zip File Size Attack|
|Criticality Level:||Less Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )|
|Impact:||Denial of Service|
A malicious user could upload a specially formed zip file in order to bypass Canvas' quota checking and extract much larger files than are meant to be allowed. This attack could potentially be used as a Denial of Service attack vector on job workers, and increase Canvas hosting costs.
Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.