Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vikunja has a File Size Limit Bypass via Vikunja Import
Vulnerability Description
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries in the zip, an attacker bypasses the configured maximum file size limit. This vulnerability is fixed in 2.3.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Vikunja 安全漏洞
Vulnerability Description
Vikunja是Vikunja开源的一个待办事项应用程序。 Vikunja 2.3.0之前版本存在安全漏洞,该漏洞源于文件导入端点使用攻击者控制的JSON元数据中的Size字段而非实际解压缩文件长度进行大小检查,可能导致绕过配置的最大文件大小限制。
CVSS Information
N/A
Vulnerability Type
N/A