5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
57.3%
Drupal Security Team reports:
Drupal core’s Image module allows for the on-demand generation
of image derivatives. This capability can be abused by requesting
a large number of new derivatives which can fill up the server disk
space, and which can cause a very high CPU load. Either of these
effects may lead to the site becoming unavailable or unresponsive.