CVE-2023-50248: 
Python vulnerability analysis and mitigation

CVE-2023-50248 affects CKAN, an open-source data management system for powering data hubs and data portals. The vulnerability was discovered and disclosed on December 13, 2023, affecting versions from 2.0.0 up to (but not including) versions 2.9.10 and 2.10.3. The issue allows authenticated users with dataset creation permissions to trigger an out-of-memory error on the hosting server through specially-crafted POST requests to the /dataset/new endpoint (GitHub Advisory, NVD).

The vulnerability involves submitting a POST request to the /dataset/new endpoint with a specially-crafted field. The attack requires either an auth cookie or the Authorization header to be present. The CVSS v3.1 base score is 6.5 (MEDIUM) according to NVD's assessment (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), while GitHub rates it at 4.5 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H (NVD).

When successfully exploited, the vulnerability can cause an out-of-memory error in the hosting server, potentially leading to service disruption. The attack primarily affects the availability of the system, with no direct impact on confidentiality or integrity (GitHub Advisory).

The vulnerability has been patched in CKAN versions 2.9.10 and 2.10.3. Organizations running affected versions should upgrade to these patched versions to mitigate the risk (GitHub Advisory, NVD).