GHSA-92wp-r7hm-42g7

Suggest an improvement
Source
https://github.com/advisories/GHSA-92wp-r7hm-42g7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-92wp-r7hm-42g7/GHSA-92wp-r7hm-42g7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-92wp-r7hm-42g7
Aliases
Published
2023-03-03T22:50:41Z
Modified
2023-11-08T04:12:01.291463Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
XWiki Platform subject to Uncontrolled Resource Consumption
Details

Impact

It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). This will most of the time fill the memory allocated to XWiki and make it unusable every time this document is manipulated.

Patches

It has been patched in XWiki 14.0

Workarounds

There is no workaround.

References

https://jira.xwiki.org/browse/XWIKI-19223

For more information

If you have any questions or comments about this advisory: * Open an issue in Jira XWiki * Email us at our security mailing list

References

Affected packages

Maven / org.xwiki.platform:xwiki-platform-oldcore

Package

Name
org.xwiki.platform:xwiki-platform-oldcore
View open source insights on deps.dev
Purl
pkg:maven/org.xwiki.platform/xwiki-platform-oldcore

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.0-rc-1