GHSA-hgp8-w8fj-r4cm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hgp8-w8fj-r4cm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-hgp8-w8fj-r4cm/GHSA-hgp8-w8fj-r4cm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hgp8-w8fj-r4cm
- Aliases
- Published
- 2022-11-22T03:30:56Z
- Modified
- 2023-11-08T04:10:27.026460Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- ToolJet is vulnerable to Denial of Service (DoS)
- Details
-
ToolJet/ToolJet placed no limit on the file size for user avatars. This could cause a denial of service if too many users upload large files. This is fixed in commit 01cd3f0464747973ec329e9fb1ea12743d3235cc in version 1.27.0.
tooljetis no longer listed on npmjs.com but was listed on npmjs.com in the past. This advisory is maintained for historical completeness. - Database specific
{ "github_reviewed_at": "2022-12-02T22:38:23Z", "severity": "MODERATE", "cwe_ids": [ "CWE-1284", "CWE-400" ], "github_reviewed": true, "nvd_published_at": "2022-11-22T03:15:00Z" }- References
Affected packages
npm / tooljet
Package
- Name
- tooljet
- View open source insights on deps.dev
- Purl
- pkg:npm/tooljet