Lucene search

PalantirCVELIST:CVE-2022-27897

HistoryFeb 16, 2023 - 12:00 a.m.

CVE-2022-27897 Palantir Gotham included an endpoint that would log arbitrary sized zip files.

2023-02-1600:00:00

CWE-20

Palantir

www.cve.org

palantir gotham

cve-2022-27897

arbitrary size

zip file upload

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

33.7%

JSON

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "Gotham",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "3.22.11.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-12.md

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

33.7%

JSON

Related for CVELIST:CVE-2022-27897