Lucene search

Veracode Vulnerability DatabaseVERACODE:47383

HistoryJun 06, 2024 - 6:09 a.m.

Denial Of Service (DOS)

2024-06-0606:09:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

pimcore

software

vulnerability

oversized image

scaling

server cpu

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.7%

JSON

pimcore/pimcore is vulnerable to Denial Of Service. The vulnerability due to the lack of restrictions on the scaling factors that can be applied to image thumbnails, potentially creating disproportionately large files or overwhelming server CPU resources.

CPENameOperatorVersion
pimcore/pimcorele11.2.3
pimcore/pimcorele11.2.3

CPE	Name	Operator	Version
	pimcore/pimcore	le	11.2.3
	pimcore/pimcore	le	11.2.3

References

github.com/advisories/GHSA-277c-5vvj-9pwx

github.com/pimcore/pimcore/commit/38af70b3130f16fc27f2aea34e2943d7bdaaba06

github.com/pimcore/pimcore/commit/a6821a16ea38086bf6012e682e1743488244bd85

github.com/pimcore/pimcore/pull/17039

github.com/pimcore/pimcore/security/advisories/GHSA-277c-5vvj-9pwx

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.7%

JSON

Related for VERACODE:47383