Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
InvenTree has uncontrolled memory allocation via built-in label-sheet plugin
Vulnerability Description
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. the issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
InvenTree 安全漏洞
Vulnerability Description
InvenTree是InvenTree开源的一个开源库存管理系统。提供强大的低级库存控制和零件跟踪。 InvenTree 0.17.13之前版本存在安全漏洞,该漏洞源于内置label-sheet插件中skip字段无上限,可能导致内存耗尽拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A