7.5
CVE-2024-42392
- EPSS 0.08%
- Veröffentlicht 18.11.2024 10:15:08
- Zuletzt bearbeitet 19.11.2024 17:55:51
- Quelle prodsec@nozominetworks.com
- CVE-Watchlists
- Unerledigt
LoginImproper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.244 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| prodsec@nozominetworks.com | 4 | 0.3 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
|
CWE-140 Improper Neutralization of Delimiters
The product does not neutralize or incorrectly neutralizes delimiters.