140 matches found
InvenTree File Upload Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A file upload vulnerability exists in InvenTree versions prior to 0.7.2, which stems from the application's lack of effective validation of upload...
InvenTree Cross-Site Scripting Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A cross-site scripting vulnerability exists in InvenTree versions prior to 0.7.2, which stems from the application's lack of filtering and escapin...
CVE-2022-2134
Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0...
InvenTree Resource Management Error Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A denial of service vulnerability exists in InvenTree versions prior to 0.8.0 that stems from the annotations feature not including a character...
PT-2022-14950 · Inventree · Inventree
Name of the Vulnerable Software and Affected Versions: inventree versions prior to 0.8.0 Description: The issue concerns the allocation of resources without limits or throttling, leading to a Denial of Service. This can cause the system to become unresponsive or crash. Recommendations: For versio...
CVE-2022-2134
CVE-2022-2134 affects the InvenTree project (inventree/inventree) prior to version 0.8.0, where the issue derives from allocating resources without limits or throttling in the notes/annotations feature. This can allow an attacker to exhaust server resources and potentially cause denial of service...
CVE-2022-2134 Allocation of Resources Without Limits or Throttling in inventree/inventree
Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0...
Lack of Character Limit in Notes Sections Leads to Denial of Service
Description The InvenTree application allows for the inclusion of notes for various objects in the application. The notes functionality does not include a character limit. An attacker can submit an infinite number of characters into the notes section, which causes a denial of service and increase...
GHSA-9HX5-JMXV-X44Q CSV Injection in inventree
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...
CVE-2022-2113
Cross-site Scripting XSS - Stored in GitHub repository inventree/inventree prior to 0.7.2...
CVE-2022-2111
Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2...
CVE-2022-2112
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository inventree/inventree prior to 0.7.2...
Design/Logic Flaw
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...
CVE-2022-2113
InvenTree (open source inventory system) has a stored XSS vulnerability in versions prior to 0.7.2, arising from insufficient filtering/escaping of parameter data. The issue affects the part/description data stored and can lead to execution of malicious JavaScript on the client side when rendered...
CVE-2022-2113 Cross-site Scripting (XSS) - Stored in inventree/inventree
Cross-site Scripting XSS - Stored in GitHub repository inventree/inventree prior to 0.7.2...