Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pwndoc's UnhandledPromiseRejection on audits causes Denial of Service (DoS)
Vulnerability Description
PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
PwnDoc 输入验证错误漏洞
Vulnerability Description
PwnDoc是PwnDoc开源的一个渗透测试报告生成器。 PwnDoc 0.5.3及之前版本存在输入验证错误漏洞,该漏洞源于经过身份验证的用户可以通过在退出后端的审计上提出UnhandledPromiseRejection来使后端崩溃。
CVSS Information
N/A
Vulnerability Type
N/A