CVE-2024-56200 – Altair Misskey Image Proxy Unauthenticated Request Injection Vulnerability

12月 19, 2024
8:16 pm

CVE ID : CVE-2024-56200

Published : Dec. 19, 2024, 7:15 p.m. | 1 hour, 1 minute ago

Description : Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-56200 – Altair Misskey Image Proxy Unauthenticated Request Injection Vulnerability

Elvescore.io

Recent Posts

CVE-2024-12884 – Codezips E-Commerce Website SQL Injection

CVE-2024-51463 – IBM i SSRF

CVE-2024-51464 – IBM Navigator for i Access Bypass Vulnerability

CVE-2024-12883 – Code-projects Job Recruitment Cross Site Scripting

CVE-2024-12875 – Easy Digital Downloads WordPress Directory Traversal Vulnerability

CVE-2024-10453 – Elementor Website Builder Stored Cross-Site Scripting Vulnerability

CVE-2024-56200 – Altair Misskey Image Proxy Unauthenticated Request Injection Vulnerability

CVE-2024-56200 – Altair Misskey Image Proxy Unauthenticated Request Injection Vulnerability