Japan Vulnerability Notes (jvn), JVN:70502982
History: Jun 20, 2023 - 12:00 a.m.

JVN#70502982: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

2023-06-20 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS3: 7.5

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.004
Percentile: 72.4%

Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333).

Impact

A remote attacker may be able to cause a denial-of-service (DoS).

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Products Affected

  • Mailform Pro CGI 4.3.1.2 and earlier
    According to the developer, Mailform Pro CGI is affected when the prefcode/prefcode.js add-on is enabled.
