
GHSA-rmqp-mvv2-54c6

Published: 22 Feb 2024
Source: github
Github: Reviewed
CVSS4: 7.1
CVSS3: 6.5

Description

Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1.

A Pixel Flood Attack, in which large pixel files are uploaded, will cause the server to run out of memory. A logged-in user can cause such an attack by uploading an image when posting content.

Users are recommended to upgrade to version 1.2.5, which fixes the issue.
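A defensive check for the pixel flood condition described above, as an added example; it is not code from Apache Answer and not the fix shipped in 1.2.5. It reads only the image header with Go's `image.DecodeConfig` and rejects uploads whose declared dimensions exceed a budget before any pixel buffer is allocated. The names `CheckDimensions`, `pngHeader`, `ErrTooManyPixels` and the `maxPixels` value are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
	"image"
	_ "image/png" // registers the PNG header parser with image.DecodeConfig
	"io"
)

// maxPixels is an assumed budget (about 64 MB as 8-bit RGBA); tune per deployment.
const maxPixels = 16000000

var ErrTooManyPixels = errors.New("declared image dimensions exceed pixel budget")

// CheckDimensions parses only the header. A full decode sizes its pixel buffer
// from the declared width and height, not from the size of the uploaded file.
func CheckDimensions(r io.Reader) (image.Config, error) {
	cfg, _, err := image.DecodeConfig(r)
	if err != nil {
		return cfg, fmt.Errorf("unreadable image header: %w", err)
	}
	if int64(cfg.Width)*int64(cfg.Height) > maxPixels {
		return cfg, ErrTooManyPixels
	}
	return cfg, nil
}

// pngHeader builds a constructed 33-byte PNG prefix (signature plus IHDR chunk)
// declaring w x h 8-bit RGBA pixels. It is sample input, not a complete image.
func pngHeader(w, h uint32) []byte {
	ihdr := []byte("IHDR")
	ihdr = binary.BigEndian.AppendUint32(ihdr, w)
	ihdr = binary.BigEndian.AppendUint32(ihdr, h)
	ihdr = append(ihdr, 8, 6, 0, 0, 0) // bit depth, colour type RGBA, compression, filter, interlace
	out := []byte("\x89PNG\r\n\x1a\n")
	out = binary.BigEndian.AppendUint32(out, 13) // IHDR data length
	out = append(out, ihdr...)
	return binary.BigEndian.AppendUint32(out, crc32.ChecksumIEEE(ihdr))
}

func main() {
	for _, dim := range [][2]uint32{{800, 600}, {50000, 50000}} {
		_, err := CheckDimensions(bytes.NewReader(pngHeader(dim[0], dim[1])))
		fmt.Printf("%dx%d: %v\n", dim[0], dim[1], err)
	}
}
```

In an upload handler the check would run on the request body before the image is passed to any decoder or resizer, together with a cap on the request size itself.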

Packages

Name: github.com/apache/incubator-answer (go)
Affected versions: < 1.2.5
Fixed version: 1.2.5

EPSS

Percentile: 96%
0.26701
Medium

CVSS4: 7.1 High
CVSS3: 6.5 Medium

Weaknesses

CWE-434

Related vulnerabilities

CVSS3: 9.1
nvd
almost 2 years ago

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue.
