6.5
CVE-2025-32952
- EPSS 0.73%
- Veröffentlicht 22.04.2025 17:32:11
- Zuletzt bearbeitet 31.12.2025 15:55:53
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginJmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Haulmont ≫ Cuba Platform Version >= 6.2.0 < 7.2.23
Haulmont ≫ Cuba Rest Api Version >= 7.1.1 < 7.2.7
Haulmont ≫ Jmix Framework Version >= 1.0.0 < 1.6.2
Haulmont ≫ Jmix Framework Version >= 2.0.0 < 2.4.0
Haulmont ≫ Jpa Web Api Version >= 1.0.0 < 1.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.722 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.