关键信息 摘要: 漏洞描述: 在Wings中,Websockets缺乏适当的速率限制和节流。一个恶意用户可以打开大量连接并通过这些套接字请求数据,导致在某些情况下发生DOS攻击。 影响范围: 映射版本 ,修复版本为 。 CVE及其评估信息: CVE ID: 严重性等级: High; 评分:8.3 可能导致的问题: 对系统可用性产生高影响,但对系统的机密性和完整性影响为无。 相关漏洞类别: CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') CWE-770: Allocation of Resources Without Limits or Throttling CVSS信息: CVSS v4.0 Base Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Attack Requirements: None - Privileges Required: Low - User Interaction: None - Vulnerable System Impact Metrics: - Confidentiality: None - Integrity: None - Availability: High - Subsequent System Impact Metrics: - Confidentiality: None - Integrity: None - Availability: High