HIGH🇬🇧 English

CVE-2020-22785

CVSS 7.5v3.1pub. 2021-04-28upd. 2024-11-21

Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Etherpad

    APP
    Etherpad
    < 1.8.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2021-43802CRITICAL9.9ten sam produkt

Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpa...

CVE-2018-9326CRITICAL9.8ten sam produkt

Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code.

CVE-2018-6835CRITICAL9.8ten sam produkt

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers ...

CVE-2021-34816HIGH7.2ten sam produkt

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arb...

CVE-2020-22782HIGH7.5ten sam produkt

Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the ...