Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zY3h4LTNmNTMtbTkyY84AAv4m
Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS
In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).
Permalink: https://github.com/advisories/GHSA-3cxx-3f53-m92cJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zY3h4LTNmNTMtbTkyY84AAv4m
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 months ago
Updated: 4 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-3cxx-3f53-m92c, CVE-2022-43686
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-43686
- https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
- https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes
- https://github.com/concretecms/concretecms/releases/8.5.10
- https://github.com/concretecms/concretecms/releases/9.1.3
- https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
- https://github.com/advisories/GHSA-3cxx-3f53-m92c
Affected Packages
packagist:concrete5/concrete5
Versions: >= 9.0.0, < 9.1.3, < 8.5.10Fixed in: 9.1.3, 8.5.10