Description
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1.
A Pixel Flood Attack, carried out by uploading large pixel files, will cause the server to run out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version 1.2.5, which fixes the issue.
Links
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 1.2.5 (excluding)
cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*
EPSS
Percentile: 96%
0.26701
Medium
9.1 Critical
CVSS3
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 6.5
github
almost 2 years ago
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability