漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Potential DoS Vulnerability in CERT VINCE Software Before Version 3.0.8
Vulnerability Description
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
VINCE 安全漏洞
Vulnerability Description
VINCE是美国CERT Coordination Center开源的一个 CERT 协调中心开发和使用的漏洞信息和协调环境。用于改进协调的漏洞披露。 VINCE 3.0.8之前版本存在安全漏洞,该漏洞源于经过身份验证的管理用户可以在用户的配置文件中注入任意pickle对象,当访问用户配置文件时可能会导致服务器上的潜在拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A