A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations.
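A defensive pattern for the issue described above, added here as an illustration and not VINCE's own code: a restricted unpickler that refuses every class or function reference, plus a fail-safe fallback so an oversized, malformed or hostile stored blob returns a default profile instead of raising when the profile is accessed. The size limit, the default fields and the sample blobs are assumptions constructed for the example.

```python
import datetime
import io
import pickle
from typing import Any

MAX_PROFILE_BYTES = 64 * 1024  # assumed cap; not a value from the advisory
DEFAULT_PROFILE = {"theme": "light", "timezone": "UTC"}  # assumed fields


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global reference.

    Both GLOBAL and STACK_GLOBAL opcodes go through find_class, so a stored
    pickle can only yield plain built-in data (dict, list, str, int, ...)
    and can never instantiate an arbitrary class.
    """

    def find_class(self, module: str, name: str) -> Any:
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_profile(blob: bytes) -> dict:
    """Deserialise a stored profile without letting a bad blob break the page.

    Returns a copy of DEFAULT_PROFILE when the blob is oversized, cannot be
    unpickled, references a class, or does not decode to a dict. The caller
    never sees an exception, which closes the error-on-access DoS path.
    """
    if not isinstance(blob, (bytes, bytearray)) or len(blob) > MAX_PROFILE_BYTES:
        return dict(DEFAULT_PROFILE)
    try:
        data = RestrictedUnpickler(io.BytesIO(blob)).load()
    except Exception:  # UnpicklingError, EOFError, ValueError, ...
        return dict(DEFAULT_PROFILE)
    if not isinstance(data, dict):
        return dict(DEFAULT_PROFILE)
    return {**DEFAULT_PROFILE, **data}


# Constructed sample blobs for the demonstration.
SAMPLE_PLAIN = pickle.dumps({"theme": "dark"})                 # plain data: accepted
SAMPLE_OBJECT = pickle.dumps(datetime.date(2024, 10, 14))      # class reference: refused
SAMPLE_LIST = pickle.dumps(["not", "a", "dict"])               # wrong shape: refused
SAMPLE_TRUNCATED = SAMPLE_PLAIN[:2]                            # malformed: refused
```

The stronger fix is to store profile settings as JSON and never unpickle persisted data at all; the restricted unpickler is a containment measure for code that cannot drop pickle immediately.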
Reserved 2024-10-14 | Published 2024-10-14 | Updated 2024-10-15 | Assigner certcc
CWE-502: Deserialization of Untrusted Data
Thanks to security researcher @coldwaterhq (https://github.com/coldwaterhq) for reporting this vulnerability and adhering to the responsible disclosure process.
github.com/CERTCC/VINCE/issues?q=label%3Asecurity (CERT/CC GitHub Issues)