CVE-2021-25971

EPSS 0.98%
Veröffentlicht 20.10.2021 12:15:07
Zuletzt bearbeitet 21.11.2024 05:55:42
Quelle vulnerabilitylab@mend.io
CVE-Watchlists
Login
Unerledigt
Login

Camaleon CMS - SVG File Upload Creates DoS for Media Upload Feature

In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tuzitio ≫ Camaleon Cms Version >= 2.0.1 <= 2.6.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.98%	0.575

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
vulnerabilitylab@mend.io	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://github.com/owen2345/camaleon-cms/commit/ab89584ab32b98a0af3d711e3f508a1d048147d2

Patch

Third Party Advisory

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25971

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25971

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25971

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25971

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-25971