Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service
Vulnerability Description
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不恰当的资源关闭或释放
Vulnerability Title
OWASP DefectDojo 安全漏洞
Vulnerability Description
OWASP DefectDojo是美国OWASP基金会的一个功能强大的漏洞管理平台和 DevSecOps 平台。 OWASP DefectDojo 2.55.4及之前版本存在安全漏洞,该漏洞源于组件SonarQubeParser/MSDefenderParser的parser.py文件中函数input_zip.read存在错误,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A