Описание
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.
Уязвимые конфигурации
Конфигурация 1Версия до 3.22.11.2 (исключая)
cpe:2.3:o:palantir:gotham:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.0011
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-20
CWE-20
Связанные уязвимости
CVSS3: 7.5
github
почти 3 года назад
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.
EPSS
Процентиль: 30%
0.0011
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-20
CWE-20