Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for altair by nexryai

    CVE-2024-56200 (GCVE-0-2024-56200)

    Vulnerability from nvd – Published: 2024-12-19 18:43 – Updated: 2024-12-20 20:03
    VLAI
    Title
    Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy
    Summary
    Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-405 - Asymmetric Resource Consumption (Amplification)
    Assigner
    Impacted products
    Vendor Product Version
    nexryai altair Affected: < v12.24Q4.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56200",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T20:03:37.413091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T20:03:46.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "altair",
              "vendor": "nexryai",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v12.24Q4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-405",
                  "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T18:43:06.397Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nexryai/altair/security/advisories/GHSA-3pfm-hp96-pfgv",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nexryai/altair/security/advisories/GHSA-3pfm-hp96-pfgv"
            },
            {
              "name": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v23600",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v23600"
            },
            {
              "name": "https://github.com/nexryai/altair/commit/20bad5155a8d73f8d807c6c1ae0f7b8041331be8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nexryai/altair/commit/20bad5155a8d73f8d807c6c1ae0f7b8041331be8"
            }
          ],
          "source": {
            "advisory": "GHSA-3pfm-hp96-pfgv",
            "discovery": "UNKNOWN"
          },
          "title": "Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-56200",
        "datePublished": "2024-12-19T18:43:06.397Z",
        "dateReserved": "2024-12-18T18:29:25.896Z",
        "dateUpdated": "2024-12-20T20:03:46.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-56200 (GCVE-0-2024-56200)

    Vulnerability from cvelistv5 – Published: 2024-12-19 18:43 – Updated: 2024-12-20 20:03
    VLAI
    Title
    Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy
    Summary
    Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-405 - Asymmetric Resource Consumption (Amplification)
    Assigner
    Impacted products
    Vendor Product Version
    nexryai altair Affected: < v12.24Q4.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-56200",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-20T20:03:37.413091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-20T20:03:46.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "altair",
              "vendor": "nexryai",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v12.24Q4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-405",
                  "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-19T18:43:06.397Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nexryai/altair/security/advisories/GHSA-3pfm-hp96-pfgv",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nexryai/altair/security/advisories/GHSA-3pfm-hp96-pfgv"
            },
            {
              "name": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v23600",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v23600"
            },
            {
              "name": "https://github.com/nexryai/altair/commit/20bad5155a8d73f8d807c6c1ae0f7b8041331be8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nexryai/altair/commit/20bad5155a8d73f8d807c6c1ae0f7b8041331be8"
            }
          ],
          "source": {
            "advisory": "GHSA-3pfm-hp96-pfgv",
            "discovery": "UNKNOWN"
          },
          "title": "Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-56200",
        "datePublished": "2024-12-19T18:43:06.397Z",
        "dateReserved": "2024-12-18T18:29:25.896Z",
        "dateUpdated": "2024-12-20T20:03:46.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }