CVE-2024-55653

Exploit

EPSS 0.55%
Veröffentlicht 10.12.2024 23:15:06
Zuletzt bearbeitet 18.04.2025 17:35:00
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pwndoc Project ≫ Pwndoc Version < 0.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.674

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/pwndoc/pwndoc/security/advisories/GHSA-ggqg-3f7v-c8rc

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-55653

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-55653

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-55653

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-55653