CVE-2024-22393

Apache Answer: Pixel Flood Attack by uploading the large pixel file

CVSS 9.1 CRITICALEPSS 2.5%CWE-434

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected products

Apache Software Foundation · Apache Answer

public PoCs found — 3

githubgithub.com/Rk-000/Pixel-Flood-Attack★ 1 githubgithub.com/Rk-000/Apache-Hunter★ 1 githubgithub.com/omranisecurity/CVE-2024-22393★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv http://www.openwall.com/lists/oss-security/2024/02/22/1