Dapr September 2023 security audit report

vulnerability had the potential to crash a Dapr sidecar with an out-of-memory denial of service attack vector. We found the vulnerability after performing the threat modelling goal and understanding the flow infrastructure to access private emails of human activists4. As such, we consider this an attack vector that well-funded threat actors are willing to attempt. Breaching the cloud providers' infrastructure request a large object from a cloud service that exhausts memory of the Dapr sidecar. The attack vector of this umbrella issue is that a lower-privileged user can purposefully add a large object to a cloud

0 码力 | 47 pages | 1.05 MB | 1 year ago













