Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Pimcore

11.2.4

Source

security-advisories@github.com

CVE-2024-32871 details

Published : June 4, 2024, 3:15 p.m.
Last Modified : June 4, 2024, 4:57 p.m.

Description

Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4.

CVSS Score

1	2	3	4	5	6	7.5	8	9	10

Weakness

Weakness	Name	Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Exploitability Score

Impact Score

Base Severity

HIGH

Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

URL	Source
https://github.com/pimcore/pimcore/commit/38af70b3130f16fc27f2aea34e2943d7bdaaba06	security-advisories@github.com
https://github.com/pimcore/pimcore/commit/a6821a16ea38086bf6012e682e1743488244bd85	security-advisories@github.com
https://github.com/pimcore/pimcore/security/advisories/GHSA-277c-5vvj-9pwx	security-advisories@github.com

This website uses the NVD API, but is not approved or certified by it.

CVE-2024-32871

Products

Source

Tags

CVE-2024-32871 details

Description

CVSS Score

Weakness

CVSS Data

Attack Vector

Attack Complexity

Privileges Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Exploitability Score

Impact Score

Base Severity

References