CVE-2024-22393

CWE-434Unrestricted File Upload5 documents4 sources
Severity
9.1CRITICAL
EPSS
26.7%
top 3.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Apache/incubator-answerApache AnswerApache Software Foundation Apache Answer
Timeline
PublishedFeb 22
Latest updateJun 4

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

NVDapache/answer< 1.2.5

🔴Vulnerability Details

4
OSV
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability in github.com/apache/incubator-answer2024-06-04
CVEList
Apache Answer: Pixel Flood Attack by uploading the large pixel file2024-02-22
GHSA
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability2024-02-22
OSV
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability2024-02-22