Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uploading an image with a specific filename causes a server-side DoS
Vulnerability Description
spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is due to no limitation of the length of the filename and the costly use of the Unicode normalization with the form NFKD on Windows OS. This vulnerability was fixed in the 2024.01.29 release.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
spbu_se_site 安全漏洞
Vulnerability Description
spbu_se_site是圣彼得堡国立大学系统编程系网站。 spbu_se_site 2024.01.29之前版本存在安全漏洞,该漏洞源于文件名长度没有限制,经过身份验证的用户在上传头像图片时可能会故意使用较大的Unicode文件名,导致Windows下的服务器端拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A