Veracode Vulnerability DatabaseVERACODE:40104Denial Of Service (DoS)
0.002 Low
EPSS
Percentile
57.4%
wagtail is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists because it does not properly validate the file size in fields.py which allows an attacker to cause an application crash.
References
docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size
github.com/wagtail/wagtail/commit/25bf34b288478f079ac9e1cd088b20bb3db76369
github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880
github.com/wagtail/wagtail/commit/8b3764a92d4315d26e54f76989e56360027465df
github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165
github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf
github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a
github.com/wagtail/wagtail/releases/tag/v4.1.4
github.com/wagtail/wagtail/releases/tag/v4.2.2
github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9
Related
