CVE-2020-22785

Description:
Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check. CWE: CWE-770

CVSS score
CVSS 2: MEDIUM – 5 (Version: 2.0)
CVSS 3: HIGH – 7.5 (Version: 3.1)

Links:

NVD – CVE-2020-22785
CVE – CVE-2020-22785

Link (max. 20) Source Tags
https://github.com/ether/etherpad-lite/pull/3833 CONFIRM Exploit Issue Tracking Third Party Advisory
https://phabricator.miraheze.org/T7213 MISC Issue Tracking Third Party Advisory
https://github.com/miraheze/ManageWiki/commit/befb83c66f5b643e174897ea41a8a46679b26304 MISC Patch Third Party Advisory
https://www.npmjs.com/package/@ckeditor/ckeditor5-media-embed MISC Product Third Party Advisory
https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj CONFIRM Third Party Advisory
https://www.npmjs.com/package/@ckeditor/ckeditor5-list MISC Product Third Party Advisory
https://www.npmjs.com/package/@ckeditor/ckeditor5-font MISC Product Third Party Advisory
https://www.npmjs.com/package/@ckeditor/ckeditor5-paste-from-office MISC Product Third Party Advisory
https://www.npmjs.com/package/@ckeditor/ckeditor5-widget MISC Product Third Party Advisory

Source: NVD – CVE-2020-22785
Published: 2021-04-28T21:15Z, last modified: 2021-05-05T19:39Z