6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
35.0%
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.
hackerone.com/reports/1018146
nextcloud.com/security/advisory/?id=NC-SA-2021-001