Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CUBA Vulnerable to Denial of Service (DoS) in the File Storage
Vulnerability Description
CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in version 7.2.23. A workaround is provided on the Jmix documentation website.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Cuba JPA web API 安全漏洞
Vulnerability Description
Cuba JPA web API是CUBA Platform开源的一个用于快速开发企业级 Java 应用的框架组件。 Cuba JPA web API 7.2.23之前版本存在安全漏洞,该漏洞源于文件大小限制不当,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A