CVE
ctfd-whale Security Patch
Found and patched a vulnerability in ctfd-whale, the Docker challenge manager used in CTF platforms globally. CVE pending.
Python, Docker, CTFd
Problem
ctfd-whale had a flaw that could be exploited to bypass the per-team container limit — undermining fair competition and enabling resource exhaustion on the host.
Solution
Identified the issue through source code audit. Traced the root cause, wrote a patch, and submitted PR #25 to the maintainer following responsible disclosure.
Impact
Patch merged. CVE ID pending MITRE assignment. ctfd-whale is deployed across university and public CTF infrastructure globally.
Outcomes
- Root cause identified through source code audit
- PR #25 merged to ctfd-whale main
- CVE ID pending MITRE assignment
- Responsible disclosure followed end-to-end