3 matches found
GHSA-M2Q5-XHQG-92R2 evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API
A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...
CVE-2025-67419
CVE-2025-67419 describes a DoS in evershop prior to 2.1.0 where unauthenticated attackers can exhaust server resources via the GET /images endpoint while processing SVG files. Root cause: the application does not bound the height of the use-element shadow tree or the dimensions of pattern tiles d...
PT-2026-1330
Name of the Vulnerable Software and Affected Versions evershop versions prior to 2.1.0 Description A Denial of Service DoS issue exists in evershop that allows unauthenticated attackers to exhaust application server resources. This occurs through the use of the ''GET /images'' API endpoint. The...