Improper Validation of Specified Quantity in Input in tooljet/tooljet
CVE-2022-4111

6.5MEDIUM

Key Information:

Vendor

Tooljet

Status
Tooljet/tooljet
Vendor
CVE Published:
22 November 2022

What is CVE-2022-4111?

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.

Affected Version(s)

tooljet/tooljet < unspecified

References

https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c...
https://github.com/tooljet/tooljet/commit/01cd3f046474797...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.