CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1057 vulnerabilities reference this CWE, most recent first.
GHSA-3274-8H4C-G6Q9
Vulnerability from github – Published: 2022-04-21 01:57 – Updated: 2024-04-03 23:04In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
{
"affected": [],
"aliases": [
"CVE-2010-0207"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.",
"id": "GHSA-3274-8h4c-g6q9",
"modified": "2024-04-03T23:04:23Z",
"published": "2022-04-21T01:57:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0207"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0207"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-32JQ-W4J4-WJVC
Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
ceph: give up on paths longer than PATH_MAX
If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability.
I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and fail with ENAMETOOLONG instead.
{
"affected": [],
"aliases": [
"CVE-2024-53685"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-11T13:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: give up on paths longer than PATH_MAX\n\nIf the full path to be built by ceph_mdsc_build_path() happens to be\nlonger than PATH_MAX, then this function will enter an endless (retry)\nloop, effectively blocking the whole task. Most of the machine\nbecomes unusable, making this a very simple and effective DoS\nvulnerability.\n\nI cannot imagine why this retry was ever implemented, but it seems\nrather useless and harmful to me. Let\u0027s remove it and fail with\nENAMETOOLONG instead.",
"id": "GHSA-32jq-w4j4-wjvc",
"modified": "2025-11-03T21:32:07Z",
"published": "2025-01-11T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53685"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0f2b2d9e881c90402dbe28f9ba831775b7992e1f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/550f7ca98ee028a606aa75705a7e77b1bd11720f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99a37ab76a315c8307eb5b0dc095d8ad9d8efeaa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c47ed91156daf328601d02b58d52d9804da54108"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d42ad3f161a5a487f81915c406f46943c7187a0a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e4b168c64da06954be5d520f6c16469b1cadc069"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-32PX-JFGQ-53XF
Vulnerability from github – Published: 2026-05-11 18:31 – Updated: 2026-07-02 12:30A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
{
"affected": [],
"aliases": [
"CVE-2026-4890"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T18:16:41Z",
"severity": "HIGH"
},
"details": "A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"id": "GHSA-32px-jfgq-53xf",
"modified": "2026-07-02T12:30:43Z",
"published": "2026-05-11T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4890"
},
{
"type": "WEB",
"url": "https://github.com/NixOS/nixpkgs/pull/519082"
},
{
"type": "WEB",
"url": "https://github.com/NixOS/nixpkgs/pull/519093"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19158"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19373"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20589"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34508"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-4890"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458516"
},
{
"type": "WEB",
"url": "https://github.com/pi-hole/FTL/releases/tag/v6.6.2"
},
{
"type": "WEB",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4890.json"
},
{
"type": "WEB",
"url": "https://thekelleys.org.uk/dnsmasq"
},
{
"type": "WEB",
"url": "https://thekelleys.org.uk/dnsmasq/CVE"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/471747"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-333M-Q4JM-QJQ4
Vulnerability from github – Published: 2024-10-21 15:32 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
x86/sgx: Fix deadlock in SGX NUMA node search
When the current node doesn't have an EPC section configured by firmware and all other EPC sections are used up, CPU can get stuck inside the while loop that looks for an available EPC page from remote nodes indefinitely, leading to a soft lockup. Note how nid_of_current will never be equal to nid in that while loop because nid_of_current is not set in sgx_numa_mask.
Also worth mentioning is that it's perfectly fine for the firmware not to setup an EPC section on a node. While setting up an EPC section on each node can enhance performance, it is not a requirement for functionality.
Rework the loop to start and end on a node that has SGX memory. This avoids the deadlock looking for the current SGX-lacking node to show up in the loop when it never will.
{
"affected": [],
"aliases": [
"CVE-2024-49856"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T13:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Fix deadlock in SGX NUMA node search\n\nWhen the current node doesn\u0027t have an EPC section configured by firmware\nand all other EPC sections are used up, CPU can get stuck inside the\nwhile loop that looks for an available EPC page from remote nodes\nindefinitely, leading to a soft lockup. Note how nid_of_current will\nnever be equal to nid in that while loop because nid_of_current is not\nset in sgx_numa_mask.\n\nAlso worth mentioning is that it\u0027s perfectly fine for the firmware not\nto setup an EPC section on a node. While setting up an EPC section on\neach node can enhance performance, it is not a requirement for\nfunctionality.\n\nRework the loop to start and end on *a* node that has SGX memory. This\navoids the deadlock looking for the current SGX-lacking node to show up\nin the loop when it never will.",
"id": "GHSA-333m-q4jm-qjq4",
"modified": "2025-11-04T00:31:39Z",
"published": "2024-10-21T15:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49856"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0f89fb4042c08fd143bfc28af08bf6c8a0197eea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20c96d0aaabfe361fc2a11c173968dc67feadbbf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/40fb64257dab507d86b5f1f2a62f3669ef0c91a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8132510c915815e6b537ab937d94ed66893bc7b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c936844010466535bd46ea4ce4656ef17653644"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb2d057539eda67ec7cfc369bf587e6518a9b99d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3448-VFVV-XP9G
Vulnerability from github – Published: 2018-12-26 17:45 – Updated: 2023-09-27 11:10A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tika:tika-parsers"
},
"ranges": [
{
"events": [
{
"introduced": "1.8"
},
{
"fixed": "1.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-17197"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:53:58Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika\u0027s SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.",
"id": "GHSA-3448-vfvv-xp9g",
"modified": "2023-09-27T11:10:06Z",
"published": "2018-12-26T17:45:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17197"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-3448-vfvv-xp9g"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106293"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Tika Denial of Service due to Infinite Loop in Tika\u0027s SQLite3Parser"
}
GHSA-345H-R9M2-JR4P
Vulnerability from github – Published: 2026-07-14 18:31 – Updated: 2026-07-14 18:31In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.
{
"affected": [],
"aliases": [
"CVE-2026-62642"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T16:17:04Z",
"severity": "MODERATE"
},
"details": "In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.",
"id": "GHSA-345h-r9m2-jr4p",
"modified": "2026-07-14T18:31:56Z",
"published": "2026-07-14T18:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-62642"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/commit/132ac8dd5a55c8466be12de1daf84355697ffa89"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/commit/877269c79359d959a94f13c9070cab0f3389c193"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/commit/a007321346380136b3de2bd75b486b04f63c0d38"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/commit/fb952956c6eaf29e963f1a718d028d66e7957ce0"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.17"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7.2"
},
{
"type": "WEB",
"url": "https://roundcube.net/news/2026/07/05/security-updates-1.6.17-and-1.7.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-35W7-H3V9-8QW4
Vulnerability from github – Published: 2023-10-10 15:30 – Updated: 2025-11-04 21:30A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
{
"affected": [],
"aliases": [
"CVE-2023-43786"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T13:15:22Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.",
"id": "GHSA-35w7-h3v9-8qw4",
"modified": "2025-11-04T21:30:43Z",
"published": "2023-10-10T15:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43786"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2145"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2973"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-43786"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231103-0006"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-362J-4WP6-47GJ
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.
{
"affected": [],
"aliases": [
"CVE-2018-14621"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-30T13:29:00Z",
"severity": "HIGH"
},
"details": "An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted.",
"id": "GHSA-362j-4wp6-47gj",
"modified": "2022-05-13T01:34:32Z",
"published": "2022-05-13T01:34:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14621"
},
{
"type": "WEB",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=968175"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14621"
},
{
"type": "WEB",
"url": "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-368C-6QH8-76FJ
Vulnerability from github – Published: 2024-06-17 21:31 – Updated: 2024-11-18 16:26A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 20c0f29139a82779b86453ce7f68d0681ec7624c. It is recommended to apply a patch to fix this issue. The identifier VDB-268789 was assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-6061"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-17T20:15:14Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is 20c0f29139a82779b86453ce7f68d0681ec7624c. It is recommended to apply a patch to fix this issue. The identifier VDB-268789 was assigned to this vulnerability.",
"id": "GHSA-368c-6qh8-76fj",
"modified": "2024-11-18T16:26:44Z",
"published": "2024-06-17T21:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6061"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/issues/2871"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/20c0f29139a82779b86453ce7f68d0681ec7624c"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/15801058/poc1.zip"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.268789"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.268789"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.356308"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-36H2-G4C8-9XCM
Vulnerability from github – Published: 2024-07-08 21:31 – Updated: 2024-08-30 19:56A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "aim"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.19.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-6227"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-07T20:38:41Z",
"nvd_published_at": "2024-07-08T19:15:10Z",
"severity": "HIGH"
},
"details": "A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.",
"id": "GHSA-36h2-g4c8-9xcm",
"modified": "2024-08-30T19:56:11Z",
"published": "2024-07-08T21:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6227"
},
{
"type": "PACKAGE",
"url": "https://github.com/aimhubio/aim"
},
{
"type": "WEB",
"url": "https://github.com/aimhubio/aim/blob/2e7b8aff8dcba9ddd5043dfec88cf2319ba8a87c/aim/sdk/repo.py#L195"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Aim denial of service vulnerability"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.