Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Dec 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |
Title | Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy | |
Weaknesses | CWE-400 CWE-405 |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-19T18:43:06.397Z
Updated: 2024-12-20T20:03:46.784Z
Reserved: 2024-12-18T18:29:25.896Z
Link: CVE-2024-56200
Vulnrichment
No data.
NVD
Status : Received
Published: 2024-12-19T19:15:08.280
Modified: 2024-12-19T19:15:08.280
Link: CVE-2024-56200
Redhat
No data.