Denial of Service (DoS) vulnerability in the file upload request feature of Atlassian Crucible

Overview :
DoS vulnerability in the file upload request feature of Atlassian Crucible
Affected Product(s) :
  • version < 4.7.4
  • 4.8.0 ≤ version < 4.8.5
Vulnerability Details :
CVE ID : CVE-2020-29447
Affected versions of Atlassian Crucible allow remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews.

Solution :

Upgrade to one of these versions:

  • 4.7.4
  • 4.8.5
  • 4.9.0
