CVE-2022-4111

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged-in attacker to upload profile pictures over 2MB.
References
Configurations

Configuration 1

cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:*

History

26 Nov 2022, 03:28

Type: CWE
  • Values Added: CWE-400
Type: First Time
  • Values Added: Tooljet; Tooljet tooljet
Type: References
  • Values Removed: (MISC) https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc
  • Values Added: (MISC) https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc - Patch, Third Party Advisory
Type: References
  • Values Removed: (CONFIRM) https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d
  • Values Added: (CONFIRM) https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d - Exploit, Issue Tracking, Patch, Third Party Advisory
Type: CPE
  • Values Added: cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:*
Type: CVSS
  • Values Removed: v2 : unknown; v3 : unknown
  • Values Added: v2 : unknown; v3 : 6.5

25 Nov 2022, 13:15

Type: Summary
  • Values Removed: What happens if a bot net starts uploading 100MB files from 100 machines at the same time. This would mean that our network pipes are clogged handling 10GB of data while slowing down our real customers..... the answer the site will down and come not available
  • Values Added: Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.

22 Nov 2022, 13:44

Type: New CVE

Information

Published : 2022-11-22 03:15

Updated : 2022-11-26 03:28


NVD link : CVE-2022-4111

Mitre link : CVE-2022-4111

Products Affected

tooljet

  • tooljet
CWE
CWE-400

Uncontrolled Resource Consumption