CVE-2024-21651

Опубликовано: 09 янв. 2024

Источник: nvd

CVSS3: 7.5

CVSS3: 6.5

EPSS Низкий

Описание

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.

Ссылки

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4
Issue Tracking
Vendor Advisory
https://jira.xwiki.org/browse/XCOMMONS-2796
Issue Tracking
Vendor Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4
Issue Tracking
Vendor Advisory
https://jira.xwiki.org/browse/XCOMMONS-2796
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 14.10 (включая) до 14.10.18 (исключая)

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 15.5 (включая) до 15.5.3 (исключая)

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 15.6 (включая) до 15.8 (исключая)

EPSS

Процентиль: 65%

0.00497

Низкий

7.5 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-400

Связанные уязвимости

GHSA-8959-rfxh-r4j4

CVSS3: 7.5

github

около 2 лет назад

XWiki vulnerable to Denial of Service attack through attachments

EPSS

Процентиль: 65%

0.00497

Низкий

7.5 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-400