← Back

CVE-2024-9953

nvd nist
Published: Oct 14, 2024Modified: Mar 20, 2025

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 / Impact: 3.6
Source: NVD

Description

A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations.

Affected (1)

Products: Cert: Vince
Cert
1 product
Vince
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Vince
Before 3.0.8

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (1)

Source: cret@cert.org
Patch

Timeline

No history available yet.