exploitDog

CVE-2022-4111

Опубликовано: 22 нояб. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.

Ссылки

https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc
Patch
Third Party Advisory
https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc
Patch
Third Party Advisory
https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:*

Версия до 1.27.0 (исключая)

EPSS

Процентиль: 59%

0.00385

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-1284

CWE-1284

Связанные уязвимости

GHSA-hgp8-w8fj-r4cm

CVSS3: 6.5

github

около 3 лет назад

ToolJet is vulnerable to Denial of Service (DoS)

EPSS

Процентиль: 59%

0.00385

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-1284

CWE-1284