CVE-2024-32871

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32871

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32871.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-32871

Aliases

GHSA-277c-5vvj-9pwx

Related

GHSA-277c-5vvj-9pwx

Published

2024-06-04T15:15:45Z

Modified

2025-01-15T05:14:05.733865Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4.

References

Affected packages

Git / github.com/pimcore/pimcore

Affected ranges

Type: GIT
Repo: https://github.com/pimcore/pimcore
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

38af70b3130f16fc27f2aea34e2943d7bdaaba06

Fixed

38af70b3130f16fc27f2aea34e2943d7bdaaba06

Fixed

a6821a16ea38086bf6012e682e1743488244bd85

Fixed

a6821a16ea38086bf6012e682e1743488244bd85

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.3.0

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.1

4.*

4.0.0

4.0.1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0

4.3.0

4.3.1

4.4.0

4.4.1

4.4.2

4.4.3

4.5.0

v10.*

v10.0.0

v10.0.0-BETA1

v10.0.0-BETA2

v10.0.0-BETA3

v10.0.0-BETA4

v10.0.1

v10.0.2

v10.0.3

v10.0.4

v10.0.5

v10.0.6

v10.0.7

v10.0.8

v10.0.9

v10.1.0

v10.1.1

v10.1.2

v10.1.3

v10.1.4

v10.1.5

v10.2.0

v10.2.1

v10.2.10

v10.2.2

v10.2.3

v10.2.4

v10.2.5

v10.2.6

v10.2.7

v10.2.8

v10.2.9

v10.3.0

v10.3.1

v10.3.2

v10.3.3

v10.3.4

v10.3.5

v10.3.6

v10.4.0

v10.4.1

v10.4.2

v10.4.3

v10.4.4

v10.4.5

v10.4.6

v10.5.0

v10.5.1

v10.5.10

v10.5.11

v10.5.12

v10.5.13

v10.5.14

v10.5.15

v10.5.16

v10.5.17

v10.5.18

v10.5.19

v10.5.2

v10.5.20

v10.5.21

v10.5.22

v10.5.23

v10.5.24

v10.5.25

v10.5.3

v10.5.4

v10.5.5

v10.5.6

v10.5.7

v10.5.8

v10.5.9

v10.6.0

v10.6.1

v10.6.2

v10.6.3

v10.6.4

v10.6.5

v10.6.6

v10.6.7

v10.6.8

v10.6.9

v11.*

v11.0.0

v11.0.0-ALPHA1

v11.0.0-ALPHA2

v11.0.0-ALPHA3

v11.0.0-ALPHA4

v11.0.0-ALPHA5

v11.0.0-ALPHA6

v11.0.0-ALPHA7

v11.0.0-ALPHA8

v11.0.0-BETA1

v11.0.0-RC1

v11.0.0-RC2

v11.0.1

v11.0.10

v11.0.11

v11.0.12

v11.0.2

v11.0.3

v11.0.4

v11.0.5

v11.0.6

v11.0.7

v11.0.8

v11.0.9

v11.1.0

v11.1.0-RC1

v11.1.1

v11.1.2

v11.1.3

v11.1.4

v11.1.5

v11.1.6

v11.2.0

v11.2.1

v11.2.2

v11.2.3

v5.*

v5.0.0

v5.0.0-RC

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.1.0

v5.1.0-alpha

v5.1.1

v5.1.2

v5.1.3

v5.2.0

v5.2.3

v5.3.0

v5.3.1

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v5.5.0

v5.5.1

v5.5.2

v5.5.3

v5.5.4

v5.6.0

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v5.7.0

v5.7.1

v5.7.2

v5.7.3

v5.8.0

v5.8.1

v5.8.2

v5.8.3

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.1.0

v6.1.1

v6.1.2

v6.2.0

v6.2.1

v6.2.2

v6.2.3

v6.3.0

v6.3.1

v6.3.2

v6.3.3

v6.3.4

v6.3.5

v6.3.6

v6.4.0

v6.4.1

v6.4.2

v6.5.0

v6.5.1

v6.5.2

v6.5.3

v6.6.0

v6.6.1

v6.6.10

v6.6.11

v6.6.2

v6.6.3

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7.0

v6.7.1

v6.7.2

v6.7.3

v6.8.0

v6.8.1

v6.8.10

v6.8.11

v6.8.12

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

v6.8.9

v6.9.0

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v6.9.5

v6.9.6