Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Potential DoS Vulnerability in CERT VINCE Software Before Version 3.0.8
Vulnerability Description
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
VINCE 安全漏洞
Vulnerability Description
VINCE是美国CERT Coordination Center开源的一个 CERT 协调中心开发和使用的漏洞信息和协调环境。用于改进协调的漏洞披露。 VINCE 3.0.8之前版本存在安全漏洞,该漏洞源于经过身份验证的管理用户可以在用户的配置文件中注入任意pickle对象,当访问用户配置文件时可能会导致服务器上的潜在拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A