CVE-2024-5795
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
23.9%
A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| github | enterprise_server | * | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
| github | enterprise_server | 3.13.0 | cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:* |
References
docs.github.com/en/[email protected]/admin/release-notes#3.10.14
docs.github.com/en/[email protected]/admin/release-notes#3.11.12
docs.github.com/en/[email protected]/admin/release-notes#3.12.6
docs.github.com/en/[email protected]/admin/release-notes#3.13.1
docs.github.com/en/[email protected]/admin/release-notes#3.9.17
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
23.9%