CVE-2022-4111

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.
References
Configurations

Configuration 1

cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:*

History

11 Jul 2023, 08:15

Type | Values Removed | Values Added
Summary | Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB. | Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.

10 Jul 2023, 18:23

Type | Values Removed | Values Added
CWE | CWE-400 | CWE-1284

26 Nov 2022, 03:28

Type | Values Removed | Values Added
CWE | | CWE-400
First Time | | Tooljet; Tooljet tooljet
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 6.5
CPE | | cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:*
References | (MISC) https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc - | (MISC) https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc - Patch, Third Party Advisory
References | (CONFIRM) https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d - | (CONFIRM) https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d - Exploit, Issue Tracking, Patch, Third Party Advisory

25 Nov 2022, 13:15

Type | Values Removed | Values Added
Summary | What happens if a bot net starts uploading 100MB files from 100 machines at the same time. This would mean that our network pipes are clogged handling 10GB of data while slowing down our real customers..... the answer the site will down and come not available | Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.

22 Nov 2022, 13:44

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-22 03:15

Updated : 2023-12-10 14:48


NVD link : CVE-2022-4111

Mitre link : CVE-2022-4111

CVE.ORG link : CVE-2022-4111



Products Affected

tooljet

  • tooljet
CWE
CWE-1284

Improper Validation of Specified Quantity in Input