Описание
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0.0 (включая) до 3.2.0 (включая)
cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00692
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 7.5
debian
почти 6 лет назад
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket serve ...
github
больше 3 лет назад
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process.
EPSS
Процентиль: 71%
0.00692
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20