7 matches found
CVE-2026-53653
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
CVE-2026-53653
Grav (file-based web platform) contains CVE-2026-53653: unauthenticated denial of service by requesting image derivatives with oversized dimensions via URL actions like forceResize in Grav::fallbackUrl. The root cause is that request parameters are passed to ImageMedium magic actions without a di...
EUVD-2026-42943
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions
Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...
UBUNTU-CVE-2022-25275
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...
PT-2022-17184 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal versions prior to the fixed version Description: The Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access ...
Denial Of Service (DoS)
drupal/core is vulnerable to denial of service DoS attacks. Attackers can create a large number of image derivatives when the imageallowinsecurederivatives setting is enabled, consuming server disk space...