CVE-2024-21651

Published: Jan 9, 2024Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.

Affected (3)

Products: Xwiki: Xwiki

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Xwiki Xwiki	From 14.10 to 14.10.18
Xwiki Xwiki	From 15.5 to 15.5.3
Xwiki Xwiki	From 15.6 to 15.8

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4

Source: security-advisories@github.com

Issue TrackingVendor Advisory

https://jira.xwiki.org/browse/XCOMMONS-2796

Source: security-advisories@github.com

Issue TrackingVendor Advisory

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://jira.xwiki.org/browse/XCOMMONS-2796

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.