GHSA-hgp8-w8fj-r4cm

Source

https://github.com/advisories/GHSA-hgp8-w8fj-r4cm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-hgp8-w8fj-r4cm/GHSA-hgp8-w8fj-r4cm.json

Aliases

CVE-2022-4111

Published

2022-11-22T03:30:56Z

Modified

2023-11-08T04:10:27.026460Z

Details

ToolJet/ToolJet placed no limit on the file size for user avatars. This could cause a denial of service if too many users upload large files. This is fixed in commit 01cd3f0464747973ec329e9fb1ea12743d3235cc in version 1.27.0.

tooljet is no longer listed on npmjs.com but was listed on npmjs.com in the past. This advisory is maintained for historical completeness.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-4111
https://github.com/ToolJet/ToolJet/pull/4103
https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc
https://github.com/ToolJet/ToolJet
https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d

GHSA-hgp8-w8fj-r4cm

Affected packages

npm / tooljet

Package

Affected ranges