CVE-2023-36260

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-36260

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36260.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-36260

Aliases

GHSA-6p78-f7h9-6838

Published

2024-01-30T09:15:47.440Z

Modified

2026-04-10T05:01:36.364197Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about code provided by the Craft CMS product; it is only a report about the Feed Me plugin. NOTE: a third-party report states that commit b5d6ede51848349bd91bc95fec288b6793f15e28 has "nothing to do with security."

References

Affected packages

Git / github.com/craftcms/feed-me

Affected ranges

Type: GIT
Repo: https://github.com/craftcms/feed-me
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b5d6ede51848349bd91bc95fec288b6793f15e28

Type: GIT
Repo: https://github.com/craftcms/feed-me
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b5d6ede51848349bd91bc95fec288b6793f15e28

Affected versions

1.*

1.4.0

1.4.1

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

2.*

2.0.0

2.0.1

2.0.10

2.0.11

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

3.*

3.0.0

3.0.0-beta.1

3.0.0-beta.10

3.0.0-beta.11

3.0.0-beta.12

3.0.0-beta.13

3.0.0-beta.14

3.0.0-beta.15

3.0.0-beta.16

3.0.0-beta.17

3.0.0-beta.18

3.0.0-beta.19

3.0.0-beta.2

3.0.0-beta.20

3.0.0-beta.21

3.0.0-beta.22

3.0.0-beta.23

3.0.0-beta.24

3.0.0-beta.25

3.0.0-beta.27

3.0.0-beta.28

3.0.0-beta.29

3.0.0-beta.3

3.0.0-beta.30

3.0.0-beta.4

3.0.0-beta.5

3.0.0-beta.6

3.0.0-beta.7

3.0.0-beta.8

3.0.0-beta.9

3.0.1

3.0.2

3.0.2.1

3.1.0

3.1.1

3.1.10

3.1.11

3.1.12

3.1.13

3.1.14

3.1.15

3.1.16

3.1.17

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

4.*

4.4.0

4.4.3

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.6.0

4.6.1

4.6.1.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36260.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "4.6.1.1"
            }
        ]
    }
]