← Back

CVE-2024-28214

nvd nist
Published: Mar 7, 2024Modified: May 7, 2025

JSON object

Loading...
2.7
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.2 / Impact: 1.4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.

Affected (1)

Products: Naver: Ngrinder
Naver
1 product
Ngrinder
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ngrinder
Before 3.5.9

Related CWEs

CWE-405
Asymmetric Resource Consumption (Amplification)
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

References (2)

Source: cve@navercorp.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.