Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oZ3A4LXc4ZmotcjRjbc4AAv_v

ToolJet is vulnerable to Denial of Service (DoS)

ToolJet/ToolJet placed no limit on the file size of user avatar uploads. This could cause a denial of service if too many users upload large files. The issue is fixed in version 1.27.0 by commit 01cd3f0464747973ec329e9fb1ea12743d3235cc.

The tooljet package is no longer listed on npmjs.com, although it was listed there in the past. This advisory is maintained for historical completeness.

Permalink: https://github.com/advisories/GHSA-hgp8-w8fj-r4cm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oZ3A4LXc4ZmotcjRjbc4AAv_v
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 10 months ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-hgp8-w8fj-r4cm, CVE-2022-4111
References: Repository: https://github.com/tooljet/tooljet
Blast Radius: 1.0

Affected Packages

npm:tooljet
Affected Version Ranges: < 1.27.0
Fixed in: 1.27.0