exploitDog

CVE-2024-57435

Опубликовано: 31 янв. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.

Ссылки

https://github.com/peccc/restful_vul/blob/main/mall_tiny_dos/mall_tiny_dos.md
Exploit
Third Party Advisory
https://github.com/peccc/restful_vul/blob/main/mall_tiny_dos/mall_tiny_dos.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:macrozheng:mall-tiny:1.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00176

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-476

Связанные уязвимости

GHSA-p7gc-vhmf-5wjc

CVSS3: 6.5

github

около 1 года назад

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.

EPSS

Процентиль: 39%

0.00176

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-476