Lucene search

GitHub Advisory DatabaseGHSA-VQ74-9583-HRM4

HistoryMay 17, 2022 - 7:57 p.m.

Publify vulnerable to DoS attack

2022-05-1719:57:14

CWE-400

GitHub Advisory Database

github.com

publify

vulnerable

dos attack

denial of service

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.5%

JSON

Publify before 8.0.1 is vulnerable to a Denial of Service attack

Affected configurations

Vulners

Node

publify_projectpublifyRange<8.0.1

VendorProductVersionCPE
publify_projectpublify*cpe:2.3:a:publify_project:publify:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
publify_project	publify	*	cpe:2.3:a:publify_project:publify::::::::

References

github.com/advisories/GHSA-vq74-9583-hrm4

hackmysystems.tumblr.com/post/85475092711/denial-of-service-in-publify-cve-2014-3211

nvd.nist.gov/vuln/detail/CVE-2014-3211

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.5%

JSON

Related for GHSA-VQ74-9583-HRM4