Описание
Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.3 (исключая)
cpe:2.3:a:etherpad:etherpad:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.0028
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-770
Связанные уязвимости
CVSS3: 7.5
debian
почти 5 лет назад
Etherpad < 1.8.3 is affected by a missing lock check which could cause ...
github
больше 3 лет назад
Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check.
EPSS
Процентиль: 51%
0.0028
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-770