Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stirling-PDF vulnerable to DoS via add-watermark
Vulnerability Description
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (`/api/v1/security/add-watermark` endpoint). The vulnerability allows authenticated users to cause resource exhaustion and server crashes by providing extreme values for the `fontSize` and `widthSpacer` parameters. Version 2.5.2 patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Stirling-PDF 安全漏洞
Vulnerability Description
Stirling-PDF是Stirling Tools开源的一个使用 Docker 的强大、本地托管的基于 Web 的 PDF 操作工具。 Stirling-PDF 2.5.2之前版本存在安全漏洞,该漏洞源于水印功能对fontSize和widthSpacer参数验证不足,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A