CVE-2024-22393

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22393
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/02/22/1
https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv
http://www.openwall.com/lists/oss-security/2024/02/22/1
https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv
Configurations

No configuration.

History

13 Feb 2025, 18:16

Type Values Removed Values Added
Summary (en) Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue. (en) Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue.
Information

Published : 2024-02-22 10:15

Updated : 2025-02-13 18:16

NVD link : CVE-2024-22393

Mitre link : CVE-2024-22393

CVE.ORG link : CVE-2024-22393

JSON object : View

Products Affected

No product.

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type