Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05MndwLXI3aG0tNDJnN84AAx7S

XWiki Platform subject to Uncontrolled Resource Consumption

Impact

It's possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). This will most of the time fill the memory allocated to XWiki and make it unusable every time this document is manipulated.

Patches

It has been patched in XWiki 14.0

Workarounds

There is no workaround.

References

https://jira.xwiki.org/browse/XWIKI-19223

For more information

If you have any questions or comments about this advisory:

Permalink: https://github.com/advisories/GHSA-92wp-r7hm-42g7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05MndwLXI3aG0tNDJnN84AAx7S
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: almost 2 years ago


CVSS Score: 5.7
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

EPSS Percentage: 0.00173
EPSS Percentile: 0.555

Identifiers: GHSA-92wp-r7hm-42g7, CVE-2023-26470
References: Repository: https://github.com/xwiki/xwiki-platform
Blast Radius: 1.0

Affected Packages

maven:org.xwiki.platform:xwiki-platform-oldcore
Affected Version Ranges: < 14.0-rc-1
Fixed in: 14.0-rc-1