GHSA-92wp-r7hm-42g7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-92wp-r7hm-42g7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-92wp-r7hm-42g7/GHSA-92wp-r7hm-42g7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-92wp-r7hm-42g7
- Aliases
- Published
- 2023-03-03T22:50:41Z
- Modified
- 2023-11-08T04:12:01.291463Z
- Severity
-
- 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- XWiki Platform subject to Uncontrolled Resource Consumption
- Details
-
Impact
It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). This will most of the time fill the memory allocated to XWiki and make it unusable every time this document is manipulated.
Patches
It has been patched in XWiki 14.0
Workarounds
There is no workaround.
References
https://jira.xwiki.org/browse/XWIKI-19223
For more information
If you have any questions or comments about this advisory: * Open an issue in Jira XWiki * Email us at our security mailing list
- Database specific
{ "nvd_published_at": "2023-03-02T19:15:00Z", "github_reviewed_at": "2023-03-03T22:50:41Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-400", "CWE-787" ] }- References
-
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-92wp-r7hm-42g7
- https://nvd.nist.gov/vuln/detail/CVE-2023-26470
- https://github.com/xwiki/xwiki-platform/commit/04e5a89d2879b160cdfaea846024d3d9c1a525e6
- https://github.com/xwiki/xwiki-platform/commit/db3d1c62fc5fb59fefcda3b86065d2d362f55164
- https://github.com/xwiki/xwiki-platform/commit/fdfce062642b0ac062da5cda033d25482f4600fa
- https://github.com/xwiki/xwiki-platform
- https://jira.xwiki.org/browse/XWIKI-19223
Affected packages
Maven / org.xwiki.platform:xwiki-platform-oldcore
Package
- Name
- org.xwiki.platform:xwiki-platform-oldcore
- View open source insights on deps.dev
- Purl
- pkg:maven/org.xwiki.platform/xwiki-platform-oldcore