The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HTrudesk Project Trudesk
APPTrudesk Project< 1.2.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Powiązane podatności
CVE-2022-2128CRITICAL9.8ten sam produkt
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.
CVE-2022-2023CRITICAL9.8ten sam produkt
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
CVE-2022-1775CRITICAL9.8ten sam produkt
Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.
CVE-2022-1808HIGH8.8ten sam produkt
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.
CVE-2022-1931HIGH8.1ten sam produkt
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.