Lucene search

[email protected]CVE-2023-5192

HistorySep 27, 2023 - 3:19 p.m.

CVE-2023-5192

2023-09-2715:19:42

CWE-1049

[email protected]

web.nvd.nist.gov

cve-2023-5192

excessive data query

large data table

github

repository

nvd

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

0.0005 Low

EPSS

Percentile

16.8%

JSON

Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.

Affected configurations

NVD

Node

pimcorecoreRange<10.3.0

CPENameOperatorVersion
pimcore:corepimcore corelt10.3.0

CPE	Name	Operator	Version
pimcore:core	pimcore core	lt	10.3.0

CNA Affected

[
  {
    "vendor": "pimcore",
    "product": "pimcore/demo",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "10.3.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/pimcore/demo/commit/a2a7ff3b565882aefb759804aac4a51afb458f1f

huntr.dev/bounties/65c954f2-79c3-4672-8846-a3035e7a1db7

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

0.0005 Low

EPSS

Percentile

16.8%

JSON

Related for CVE-2023-5192

huntr1 osv2 nvd1 prion1 github1 cvelist1