Veracode Vulnerability Database, VERACODE:46905
May 15, 2024 - 4:00 a.m.

Uncontrolled Resource Consumption

2024-05-15 04:00:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: uncontrolled resource consumption, denial of service, server-side

CVSS3: 5.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score: 7.1 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 15.7%)

typo3/cms-core is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to the lack of a cryptographic HMAC signature on the frame HTTP query parameter in the ShowImageController, which allows attackers to generate an arbitrary number of thumbnail images on the server side, potentially leading to a denial of service by exhausting server resources.
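
The gap described above, as an added example (not TYPO3's code and not part of the advisory): a verifier whose HMAC leaves out frame, next to one that covers every parameter influencing the rendered output. The parameter names other than frame, the key, the function names and the request values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo key; a real deployment uses a server-side secret.
const DEMO_KEY = 'constructed-demo-key';
// Hypothetical parameter names; only "frame" is named in the advisory.
const WEAK_SIGNED   = ['file', 'width', 'height'];
const STRICT_SIGNED = ['file', 'width', 'height', 'frame'];

// HMAC-SHA256 over a canonical (key-sorted) encoding of the covered parameters.
function signParams(array $params, array $covered, string $key): string
{
    $subset = array_intersect_key($params, array_flip($covered));
    ksort($subset);
    return hash_hmac('sha256', http_build_query($subset), $key);
}

// Weak: "frame" still reaches the renderer but is not authenticated.
function verifyWeak(array $query, string $key): bool
{
    $sig = $query['sig'] ?? null;
    return is_string($sig)
        && hash_equals(signParams($query, WEAK_SIGNED, $key), $sig);
}

// Hardened: every accepted parameter is covered; anything else is rejected.
function verifyStrict(array $query, string $key): bool
{
    $sig = $query['sig'] ?? null;
    if (!is_string($sig) || array_diff(array_keys($query), STRICT_SIGNED, ['sig']) !== []) {
        return false;
    }
    return hash_equals(signParams($query, STRICT_SIGNED, $key), $sig);
}

// Constructed request: a link the server issued for frame 0.
$issued     = ['file' => '42', 'width' => '200', 'height' => '100', 'frame' => '0'];
$weakLink   = $issued + ['sig' => signParams($issued, WEAK_SIGNED, DEMO_KEY)];
$strictLink = $issued + ['sig' => signParams($issued, STRICT_SIGNED, DEMO_KEY)];

// Same links with only "frame" changed after signing.
$weakAltered   = ['frame' => '7'] + $weakLink;
$strictAltered = ['frame' => '7'] + $strictLink;

var_dump(verifyWeak($weakAltered, DEMO_KEY));     // weak check on the altered link
var_dump(verifyStrict($strictAltered, DEMO_KEY)); // hardened check on the altered link
var_dump(verifyStrict($strictLink, DEMO_KEY));    // hardened check on the issued link
```

The weak verifier accepts the altered frame value, so each distinct value would trigger new server-side processing; the hardened verifier rejects it before any image work starts and still accepts the link as issued.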
