CVE-2022-37034

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-37034

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37034.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-37034

Published

2023-02-01T23:15:09.337Z

Modified

2026-02-13T02:34:43.402839Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests.

References

https://www.dotcms.com/security/SI-65

Affected packages

Git / github.com/dotcms/core

Affected ranges

Type: GIT
Repo: https://github.com/dotcms/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

42b7b5d96dc181f72e7182e5e6b1f9889c13f093

Introduced

01031f2babd0dee6b4360656206e1f5015deef2e

Fixed

11042a81859b31ac599335a6649b2d6fb616d52b

Introduced

cd47f803452f1ec7a122f499bba63591e601f283

Fixed

48f1f38a195794dc0e7c40136aa319c1a13f7c5f

Affected versions

v22.*

v22.03

v22.03.1

v22.03.2

v22.03.3

v22.09

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37034.json"