Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive
Vulnerability Description
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Nextcloud 资源管理错误漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud calendar 1.0.0版本及之后版本存在资源管理错误漏洞,该漏洞源于缺少先决条件检查,即使用户提供兆字节的数据,服务器也会尝试将任意长度的字符串验证为电子邮件地址,最终导致服务器繁忙且无响应。
CVSS Information
N/A
Vulnerability Type
N/A