CVE-2025-0704

A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument w/h leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/JoeyBling/bootplus/issues/26	Not Applicable
https://github.com/JoeyBling/bootplus/issues/26#issue-2786934642	Not Applicable
https://vuldb.com/?ctiid.293232	Permissions Required VDB Entry
https://vuldb.com/?id.293232	Third Party Advisory VDB Entry
https://vuldb.com/?submit.480843	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:joeybling:bootplus:*:*:*:*:*:*:*:*

History

10 Oct 2025, 19:04

Type	Values Removed	Values Added
First Time		Joeybling bootplus Joeybling
CPE		cpe:2.3:a:joeybling:bootplus::::::::
Summary		(es) Se ha encontrado una vulnerabilidad clasificada como problemática en JoeyBling bootplus hasta 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. La función qrCode del archivo src/main/java/io/github/controller/QrCodeController.java está afectada. La manipulación del argumento w/h provoca el consumo de recursos. Es posible lanzar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. Este producto utiliza una versión continua para proporcionar una distribución continua. Por lo tanto, no hay disponibles detalles de las versiones afectadas ni de las versiones actualizadas.
References	~~() https://github.com/JoeyBling/bootplus/issues/26 -~~	() https://github.com/JoeyBling/bootplus/issues/26 - Not Applicable
References	~~() https://github.com/JoeyBling/bootplus/issues/26#issue-2786934642 -~~	() https://github.com/JoeyBling/bootplus/issues/26#issue-2786934642 - Not Applicable
References	~~() https://vuldb.com/?ctiid.293232 -~~	() https://vuldb.com/?ctiid.293232 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.293232 -~~	() https://vuldb.com/?id.293232 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.480843 -~~	() https://vuldb.com/?submit.480843 - Third Party Advisory, VDB Entry

24 Jan 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-24 19:15

Updated : 2025-10-10 19:04

NVD link : CVE-2025-0704

Mitre link : CVE-2025-0704

CVE.ORG link : CVE-2025-0704

JSON object : View

Products Affected

joeybling

bootplus

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-404

Improper Resource Shutdown or Release

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2025-0704

5.3^/10

5.0^/10

Attach tags to `CVE-2025-0704`