THREATINT
PUBLISHED

CVE-2024-9953

Potential DoS Vulnerability in CERT VINCE Software Before Version 3.0.8



Description

A potential denial-of-service (DoS) vulnerability exists in CERT VINCE versions before 3.0.8. An authenticated administrative user can store an arbitrary pickle object in a user's profile; when that profile is later accessed and unpickled, the result can be a DoS condition. The Django server restricts unpickling so the crafted object does not crash the server, but the vulnerability can still disrupt operations. Exploitation requires an existing administrative account.

Reserved 2024-10-14 | Published 2024-10-14 | Updated 2024-10-15 | Assigner certcc

Problem types

CWE-502: Deserialization of Untrusted Data

Product status

Default status: unaffected
Versions before 3.0.8: affected

Credits

Thanks to security researcher @coldwaterhq (https://github.com/coldwaterhq) for reporting this vulnerability and adhering to the responsible disclosure process.

References

github.com/CERTCC/VINCE/issues?q=label%3Asecurity (CERT/CC GitHub Issues)

cve.org (CVE-2024-9953)

nvd.nist.gov (CVE-2024-9953)
