Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-36568
HistoryDec 27, 2022 - 12:00 a.m.

CVE-2020-36568

2022-12-2700:00:00
ubuntu.com
ubuntu.com
6
unsanitized input
query parser
resource exhaustion
memory allocation
unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.005 Low

EPSS

Percentile

77.4%

Unsanitized input in the query parser in github.com/revel/revel before
v1.0.0 allows remote attackers to cause resource exhaustion via memory
allocation.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.005 Low

EPSS

Percentile

77.4%