← Back

CVE-2024-5795

nvd nist
Published: Jul 16, 2024Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.

Affected (5)

Github
1 product
Enterprise Server
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Github
Enterprise Server
From 3.10.0 to 3.10.14
Enterprise Server
From 3.11.0 to 3.11.12
Enterprise Server
From 3.12.0 to 3.12.6
Enterprise Server
From 3.9.0 to 3.9.17
Enterprise Server
Version 3.13.0

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (10)

Source: product-cna@github.com
Release Notes
Source: product-cna@github.com
Release Notes
Source: product-cna@github.com
Release Notes
Source: product-cna@github.com
Release Notes
Source: product-cna@github.com
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes

Timeline

No history available yet.