CVE-2022-4111 — ToolJet is vulnerable to Denial of Service (DoS)

描述

ToolJet/ToolJet placed no limit on the file size for user avatars. This could cause a denial of service if too many users upload large files. This is fixed in commit 01cd3f0464747973ec329e9fb1ea12743d3235cc in version 1.27.0. `tooljet` is no longer listed on npmjs.com but was [listed on npmjs.com in the past](https://web.archive.org/web/20220210014826/https://www.npmjs.com/package/tooljet). This advisory is maintained for historical completeness.

如何修補 CVE-2022-4111

要修補 CVE-2022-4111,請將受影響套件升級到下列已修補版本。

—升級至 1.27.0 或更新版本

CVE-2022-4111 正在被利用嗎?

低 — EPSS 為 0.4%,目前沒有觀察到大規模利用活動。

受影響套件(1)

from 0, < 1.27.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

參考連結(5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-4111
PATCHgithub.com/ToolJet/ToolJet
WEBgithub.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc
WEBgithub.com/ToolJet/ToolJet/pull/4103
WEB