CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
82.1%
Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources.
resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition.
denial of service
Vulnerability of rcmail_action_mail_get->run() function of RoundCube Webmail mail client exists due to
failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow an attacker,
acting remotely, to conduct a cross-site scripting (XSS) attack by sending specially crafted
malicious attachments
Vulnerability in the message_body() function of the program/actions/mail/show.php file of the RoundCube email client
Webmail exists due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could
allow an attacker acting remotely to gain full access to the e-mail by sending a
specially crafted message
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | roundcubemail | < 1.5.8-1 | UNKNOWN |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
82.1%