Lucene search

GoogleOSV:CVE-2024-32871

HistoryJun 04, 2024 - 3:15 p.m.

CVE-2024-32871

2024-06-0415:15:45

Google

osv.dev

pimcore

open source platform

thumbnail generation

vulnerability

version 11.2.4

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.7%

JSON

Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4.

CPENameOperatorVersion
pimcoreeq4.0.1
pimcoreeq6.6.9
pimcoreeq6.7.1
pimcoreeq6.8.5
pimcoreeq10.6.9
pimcoreeq5.1.3
pimcoreeq3.1.1
pimcoreeq10.5.22
pimcoreeq11.0.0-ALPHA7
pimcoreeq10.1.2

Name	Operator	Version
pimcore	eq	4.0.1
pimcore	eq	6.6.9
pimcore	eq	6.7.1
pimcore	eq	6.8.5
pimcore	eq	10.6.9
pimcore	eq	5.1.3
pimcore	eq	3.1.1
pimcore	eq	10.5.22
pimcore	eq	11.0.0-ALPHA7
pimcore	eq	10.1.2

Rows per page:

1-10 of 2471

References

github.com/pimcore/pimcore/commit/38af70b3130f16fc27f2aea34e2943d7bdaaba06

github.com/pimcore/pimcore/commit/a6821a16ea38086bf6012e682e1743488244bd85

github.com/pimcore/pimcore/security/advisories/GHSA-277c-5vvj-9pwx

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.7%

JSON

Related for OSV:CVE-2024-32871