exploitDog

CVE-2024-25407

Опубликовано: 13 фев. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions.

Ссылки

https://github.com/steve-community/steve/issues/1296
Issue Tracking
Vendor Advisory
https://github.com/steve-community/steve/issues/1296
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:steve-community:steve:3.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00173

Низкий

7.5 High

CVSS3

Дефекты

CWE-331

CWE-331

Связанные уязвимости

GHSA-hg7g-ghrw-94pc

CVSS3: 7.5

github

почти 2 года назад

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions.

EPSS

Процентиль: 39%

0.00173

Низкий

7.5 High

CVSS3

Дефекты

CWE-331

CWE-331