mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
{
"id": "CVE-2024-9953",
"sourceIdentifier": "cret@cert.org",
"published": "2024-10-14T22:15:03.957",
"lastModified": "2024-10-14T22:15:03.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Potential DOS Vulnerability exists in CERT VINCE software prior to version 3.0.8. An authenticated administrative user can inject an arbitrary pickle object as part of a user's profile. This can lead to a potential DoS on the server when the user's profile is accessed. Django server does restrict unpickling from crashing the server."
}
],
"metrics": {},
"weaknesses": [
{
"source": "cret@cert.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://github.com/CERTCC/VINCE/issues?q=label%3Asecurity",
"source": "cret@cert.org"
}
]
}