CVE-2024-21651
- Source
- https://cve.org/CVERecord?id=CVE-2024-21651
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21651.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-21651
- Aliases
- Published
- 2024-01-08T23:30:03.580Z
- Modified
- 2026-04-10T05:09:51.170981Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- XWiki Denial of Service attack through attachments
- Details
-
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-400" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/21xxx/CVE-2024-21651.json" }- References
Affected packages
Git / github.com/xwiki/xwiki-platform
Affected ranges
Affected versions
xwiki-platform-14.*
xwiki-platform-14.10
xwiki-platform-14.10.1
xwiki-platform-14.10.10
xwiki-platform-14.10.11
xwiki-platform-14.10.12
xwiki-platform-14.10.13
xwiki-platform-14.10.14
xwiki-platform-14.10.15
xwiki-platform-14.10.16
xwiki-platform-14.10.17
xwiki-platform-14.10.2
xwiki-platform-14.10.3
xwiki-platform-14.10.4
xwiki-platform-14.10.5
xwiki-platform-14.10.6
xwiki-platform-14.10.7
xwiki-platform-14.10.8
xwiki-platform-14.10.9