CVE-2024-55653
CVE-2024-55653
Título es
CVE-2024-55653
Mar, 10/12/2024 – 23:15
Tipo
CWE-20
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-55653
Descripción en
PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available.
11/12/2024
11/12/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Gravedad 3.1 (CVSS 3.1 Base Score)
6.50
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Enviar en el boletín
Off
