Tag: toctou
All the articles with the tag "toctou".
-
Race Condition: abusing a single-use coupon with concurrent requests
OopsSec Store validates a coupon and increments its counter in two separate database calls. Send enough concurrent requests and several slip through the check before any of them completes the increment.
