What the vulnerability does

01Description

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.

Key dates

02Disclosure timeline

April 5, 2017 CVE published
August 5, 2024 Record updated