mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
72 lines
2.9 KiB
JSON
72 lines
2.9 KiB
JSON
{
|
|
"id": "CVE-2024-56200",
|
|
"sourceIdentifier": "security-advisories@github.com",
|
|
"published": "2024-12-19T19:15:08.280",
|
|
"lastModified": "2024-12-19T19:15:08.280",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Altair es una bifurcaci\u00f3n de Misskey v12. La falta de validaci\u00f3n de solicitudes y de autenticaci\u00f3n en el proxy de im\u00e1genes para comprimir y redimensionar archivos remotos en las versiones afectadas podr\u00eda permitir ataques que podr\u00edan afectar la disponibilidad, como por ejemplo, aumentando de forma anormal el uso de CPU del servidor en el que se ejecuta este software o colocando una carga pesada en la red que est\u00e1 utilizando. Este problema se ha solucionado en v12.24Q4.1. Se recomienda a los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
|
|
"baseScore": 8.6,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 4.0
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-400"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-405"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v23600",
|
|
"source": "security-advisories@github.com"
|
|
},
|
|
{
|
|
"url": "https://github.com/nexryai/altair/commit/20bad5155a8d73f8d807c6c1ae0f7b8041331be8",
|
|
"source": "security-advisories@github.com"
|
|
},
|
|
{
|
|
"url": "https://github.com/nexryai/altair/security/advisories/GHSA-3pfm-hp96-pfgv",
|
|
"source": "security-advisories@github.com"
|
|
}
|
|
]
|
|
} |