Disclosure Date 2021/12/14
CVE-2020-5682
Denial of Service (DoS) in GROWI
GROWIの入力値の検証不備に起因するDoS(Denial of Service)
Credit
azara (@a_zara_n)
Affected-Versions
- GROWI v4.2.3 and earlier
- GROWI v4.1.12 and earlier
- All versions in GROWI v3
CWE
CWE-400
Description
Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors.
Product-URLs
https://growi.org/
Reference
- https://nvd.nist.gov/vuln/detail/CVE-2020-5682
- https://jvn.jp/en/jp/JVN94169589/index.html