Could return malformed JSON, incorrect types, missing keys, infinite responses (causing potential issues with bandwidth, memory, disk storage usage), and so on.
Validation and tests are required to make sure CloudTube doesn't hit any severe errors.
Reducing the instances that can be used would help stop this problem before it starts, but it cannot be relied on as a true solution.
Some thoughts:
- 'slow HTTP' attack — would need to time out connections so that a malicious instance can't trickle back bytes at a time and keep a connection open for a long time
- need to limit the size of the response body
Things like issues in the JSON decoder are so severe that they could probably also be exploited through other means (e.g. on the public HTTP web interface provided by CloudTube).
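The checks listed above can be combined in one client-side fetch path. The following is an added example for Node.js 18+, not CloudTube's own code and not part of the original ticket; the limits, the function and class names, and the three-key schema are assumptions chosen for illustration.

```javascript
// Added example; limits, names and schema are assumptions, not CloudTube code.
const MAX_BODY_BYTES = 2 * 1024 * 1024; // assumed cap on the buffered body
const DEADLINE_MS = 10_000; // assumed total budget for headers plus body
// Hypothetical schema: each key we read and the typeof it must have.
const VIDEO_SCHEMA = { videoId: "string", title: "string", lengthSeconds: "number" };

// Accumulates chunks and refuses to hold more than maxBytes.
class BoundedBuffer {
  constructor(maxBytes) { this.maxBytes = maxBytes; this.size = 0; this.chunks = []; }
  push(chunk) {
    this.size += chunk.byteLength;
    if (this.size > this.maxBytes) throw new Error("response body too large");
    this.chunks.push(chunk);
  }
  text() { return Buffer.concat(this.chunks).toString("utf8"); }
}

// Parses untrusted text; returns only the validated keys, or throws.
function parseUntrusted(text, schema) {
  let data;
  try { data = JSON.parse(text); } catch { throw new Error("malformed JSON"); }
  const isObject = data !== null && typeof data === "object" && !Array.isArray(data);
  if (!isObject) throw new Error("expected a JSON object");
  const out = {};
  for (const [key, type] of Object.entries(schema)) {
    if (!Object.hasOwn(data, key)) throw new Error(`missing key: ${key}`);
    if (typeof data[key] !== type) throw new Error(`wrong type for key: ${key}`);
    if (type === "number" && !Number.isFinite(data[key])) throw new Error(`non-finite number: ${key}`);
    out[key] = data[key]; // unknown keys from the instance are dropped
  }
  return out;
}

// One deadline covers headers and body, so trickled bytes cannot extend it.
async function fetchFromInstance(url, schema = VIDEO_SCHEMA) {
  const res = await fetch(url, { signal: AbortSignal.timeout(DEADLINE_MS) });
  if (!res.ok || !res.body) throw new Error(`unexpected response, status ${res.status}`);
  const body = new BoundedBuffer(MAX_BODY_BYTES);
  const reader = res.body.getReader();
  try {
    for (;;) {
      const { done, value } = await reader.read();
      if (done) break;
      body.push(value); // throws as soon as the cap is exceeded
    }
  } finally {
    await reader.cancel().catch(() => {}); // stop the download on any exit
  }
  return parseUntrusted(body.text(), schema);
}
```

Because `fetch` decodes `Content-Encoding` before the body is read, the cap counts decompressed bytes, which is the quantity that matters for memory use.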