A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the processing of SVG files, resulting in unbounded resource consumption and system-wide denial of service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HEvershop
APPEvershop≤ 2.1.0
Related vulnerabilities
EverShop: token resetowania hasła ujawniany w odpowiedzi API
Second-order SQL injection w EverShop podczas obsługi kategorii
Hardkodowany sekret HMAC w @evershop/evershop umożliwia fałszowanie tokenów JWT
RCE i ujawnienie danych w EverShop NPM przez plik route.json
EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via t...