CUBA Vulnerable to Denial of Service (DoS) in the File Storage

CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in version 7.2.23. A workaround is provided on the Jmix documentation website.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

不加限制或调节的资源分配

Cuba JPA web API 安全漏洞

Cuba JPA web API是CUBA Platform开源的一个用于快速开发企业级 Java 应用的框架组件。 Cuba JPA web API 7.2.23之前版本存在安全漏洞，该漏洞源于文件大小限制不当，可能导致拒绝服务。

N/A

N/A