Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05MndwLXI3aG0tNDJnN84AAx7S
XWiki Platform subject to Uncontrolled Resource Consumption
Impact
It is possible to make the whole farm unusable by adding an object to a page with a very large object number (e.g. 67108863). In most cases this exhausts the memory allocated to XWiki, and the instance becomes unusable again every time that document is manipulated (loaded, rendered, edited or saved).
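The failure mode above is a general one: a user-controlled ordinal is used to size a contiguous collection, so the attacker chooses how much memory the server allocates. The following Python model, added here as an illustration and not code from XWiki or the advisory, contrasts a dense, index-addressed store (which grows to the object number, padding gaps) with a bounded, sparse store whose footprint tracks the objects actually present. The dense-list layout, the `MAX_NUMBER` cap and the per-slot byte estimate are assumptions chosen for the example.

```python
"""Model of user-controlled object numbers driving memory allocation.

Assumed model for illustration only; it is not XWiki's implementation.
"""
from typing import Dict, List, Optional

# Constructed sample input: the object number quoted in the advisory.
ADVISORY_NUMBER = 67108863

# Assumed size of one slot (a reference) in a dense collection.
BYTES_PER_SLOT = 8


def slots_needed(number: int) -> int:
    """Slots a dense, index-addressed store must hold to place `number`."""
    if number < 0:
        raise ValueError("object number must be non-negative")
    return number + 1


def bytes_needed(number: int) -> int:
    """Rough memory a dense store commits just for the padding slots."""
    return slots_needed(number) * BYTES_PER_SLOT


class DenseObjectStore:
    """Objects live at list index == object number; gaps are padded with None.

    Any caller who can pick `number` also picks the list length, which is the
    uncontrolled resource consumption this advisory describes.
    """

    def __init__(self) -> None:
        self._objects: List[Optional[dict]] = []

    def add(self, number: int, obj: dict) -> None:
        if number < 0:
            raise ValueError("object number must be non-negative")
        # Grow the list up to and including `number`, padding the gap.
        while len(self._objects) <= number:
            self._objects.append(None)
        self._objects[number] = obj

    def get(self, number: int) -> Optional[dict]:
        if 0 <= number < len(self._objects):
            return self._objects[number]
        return None

    def slots_allocated(self) -> int:
        return len(self._objects)


class BoundedObjectStore:
    """Hardened variant: a sparse map keyed by number plus a hard upper bound.

    Memory is proportional to the objects stored, never to the largest number,
    and numbers beyond the cap are rejected before anything is allocated.
    """

    MAX_NUMBER = 10_000  # assumed limit; tune to the real usage pattern

    def __init__(self) -> None:
        self._objects: Dict[int, dict] = {}

    def add(self, number: int, obj: dict) -> None:
        if not 0 <= number <= self.MAX_NUMBER:
            raise ValueError(
                f"object number {number} outside 0..{self.MAX_NUMBER}"
            )
        self._objects[number] = obj

    def get(self, number: int) -> Optional[dict]:
        return self._objects.get(number)

    def slots_allocated(self) -> int:
        return len(self._objects)


def bounded_rejects(number: int) -> bool:
    """True if the hardened store refuses `number` (helper for the demo)."""
    store = BoundedObjectStore()
    try:
        store.add(number, {"class": "XWiki.TagClass"})
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Do not actually build the dense list for ADVISORY_NUMBER; estimate it.
    print(f"dense store would grow to {slots_needed(ADVISORY_NUMBER)} slots,"
          f" about {bytes_needed(ADVISORY_NUMBER) / 2**20:.0f} MiB of padding")
    print(f"bounded store rejects {ADVISORY_NUMBER}: "
          f"{bounded_rejects(ADVISORY_NUMBER)}")
```

The point to carry into a review is the shape of the check: validate the number against a fixed bound before any collection is sized from it, and prefer a sparse structure when numbers may legitimately have gaps.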
Patches
It has been patched in XWiki 14.0 (first fixed release: 14.0-rc-1).
Workarounds
There is no workaround.
References
https://jira.xwiki.org/browse/XWIKI-19223
For more information
If you have any questions or comments about this advisory:
- Open an issue in Jira XWiki
- Email us at our security mailing list
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05MndwLXI3aG0tNDJnN84AAx7S
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: almost 2 years ago
CVSS Score: 5.7
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
EPSS Percentage: 0.00173
EPSS Percentile: 0.555
Identifiers: GHSA-92wp-r7hm-42g7, CVE-2023-26470
References:
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-92wp-r7hm-42g7
- https://nvd.nist.gov/vuln/detail/CVE-2023-26470
- https://github.com/xwiki/xwiki-platform/commit/04e5a89d2879b160cdfaea846024d3d9c1a525e6
- https://github.com/xwiki/xwiki-platform/commit/db3d1c62fc5fb59fefcda3b86065d2d362f55164
- https://github.com/xwiki/xwiki-platform/commit/fdfce062642b0ac062da5cda033d25482f4600fa
- https://jira.xwiki.org/browse/XWIKI-19223
- https://github.com/advisories/GHSA-92wp-r7hm-42g7
Blast Radius: 1.0
Affected Packages
maven:org.xwiki.platform:xwiki-platform-oldcore
Affected Version Ranges: < 14.0-rc-1
Fixed in: 14.0-rc-1