CVE-2026-27695 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same Dyna…
Medium CVSS: 4.3

CVE-2026-27695

zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{id}`). A high-traffic entity can exceed DynamoDB's per-partition throughput limits (~1,000 WCU/sec), causing throttling that degrades service for that entity — and potentially co-located entities in the same partition. Version 0.10.1 fixes the issue.
Vendor
Zeroae
Product
Zae-limiter
CWE
CWE-770
Yayın Tarihi
2026-02-25 15:20:52
Güncelleme
2026-02-26 15:38:45
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-770 Zae-limiter MEDIUM Zeroae 2026

Referanslar

https://github.com/zeroae/zae-limiter/releases/tag/v0.10.1 https://github.com/zeroae/zae-limiter/security/advisories/GHSA-76rv-2r9v-c5m6