admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-251xx/CVE-2024-25143.json
cad-safe-bot 722b9ed3d4 Auto-Update: 2024-10-02T18:00:19.734939+00:00
2024-10-02 18:03:18 +00:00

60 lines
2.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-25143",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-07T15:15:08.907",
"lastModified": "2024-10-02T16:15:09.833",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images."
},
{
"lang": "es",
"value": "Document and Media widget In Liferay Portal 7.2.0 a 7.3.6 y versiones anteriores no compatibles, y Liferay DXP 7.3 anteriores al service pack 3, 7.2 anteriores al fix pack 13 y versiones anteriores no compatibles, no limita el consumo de recursos al generar una vista previa image, que permite a los usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de im\u00e1genes PNG manipuladas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143",
"source": "security@liferay.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink