CVE-2024-56200 HIGH

CVE-2024-56200: Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy

Vendor Nexryai

Product altair

Weakness CWE-400

Published December 19, 2024

Last update December 20, 2024

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

December 19, 2024 CVE published

December 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-56200 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

CVE-2024-56200: Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy

01Description

02Disclosure timeline

03References

04Related CVE