Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:41882
HistoryJul 31, 2023 - 9:41 a.m.

Denial Of Service (DoS)

2023-07-3109:41:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
denial of service
getkirby/cms
vulnerability
user.php
validatepassword
remote attacker
application slowdown

0.001 Low

EPSS

Percentile

41.5%

JSON

getkirby/cms is vulnerable to Denial of Service. The vulnerability exists in the validatePassword function in User.php because it does not limit the password length, which can cause CPU and memory resource exhaustion when hashing if the attacker submits a password thats the the max size of a request body, allowing a remote attacker to cause an application slowdown.

Related

osv 2
cvelist 1
github 1
cve 1
prion 1
osv
osv
Denial of service from unlimited password lengths
2023-07-28 15:34:13
CVE-2023-38492
2023-07-27 16:15:11
cvelist
cvelist
CVE-2023-38492 Kirby vulnerable to denial of service from unlimited password lengths
2023-07-27 15:43:55
github
github
Denial of service from unlimited password lengths
2023-07-28 15:34:13
cve
cve
CVE-2023-38492
2023-07-27 16:15:11
prion
prion
Design/Logic Flaw
2023-07-27 16:15:00

0.001 Low

EPSS

Percentile

41.5%

JSON
Related for VERACODE:41882
osv2cvelist1github1cve1prion1