Disclosure Date 2021/12/14

CVE-2020-5682

Denial of Service (DoS) in GROWI

GROWIの入力値の検証不備に起因するDoS(Denial of Service)

Credit

azara (@a_zara_n)

Affected-Versions

  • GROWI v4.2.3 and earlier
  • GROWI v4.1.12 and earlier
  • All versions in GROWI v3

CWE

CWE-400

Description

Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors.

Product-URLs

https://growi.org/

Reference

  • https://nvd.nist.gov/vuln/detail/CVE-2020-5682
  • https://jvn.jp/en/jp/JVN94169589/index.html

Back