First published: Tue Nov 22 2022
An unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged-in attacker to upload profile pictures over 2MB.
Credit: security@huntr.dev
Affected Software | Affected Version | How to fix |
---|---|---|
Tooljet Tooljet | <1.27.0 | Update to 1.27.0 or later |
The vulnerability ID for this issue is CVE-2022-4111.
The severity of CVE-2022-4111 is medium (6.5).
CVE-2022-4111 can lead to a denial-of-service (DoS) attack by allowing a logged-in attacker to upload profile pictures over 2MB.
Versions of Tooljet Tooljet up to and excluding 1.27.0 are affected by CVE-2022-4111.
To fix CVE-2022-4111, update Tooljet Tooljet to version 1.27.0 or later.
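The class of check whose absence the description points to, as an added example that is not ToolJet's code or its actual patch: the upload is counted as it arrives and rejected with HTTP 413 once it passes the cap, whether or not the declared Content-Length was accurate. The function names, the chunked sample input and the reading of "2MB" as 2 * 1024 * 1024 bytes are assumptions.

```javascript
// Added example, not ToolJet's code. MAX_AVATAR_BYTES assumes the 2MB figure
// in the advisory is the intended cap; all names here are hypothetical.
const MAX_AVATAR_BYTES = 2 * 1024 * 1024;

// Consume an upload chunk by chunk and stop as soon as the cap is crossed.
// `declaredLength` is the client-supplied Content-Length (may be absent or wrong).
function receiveAvatar(chunks, declaredLength, maxBytes = MAX_AVATAR_BYTES) {
  // Cheap early rejection: an honestly declared oversized body is never read.
  if (Number.isFinite(declaredLength) && declaredLength > maxBytes) {
    return { status: 413, bytesRead: 0, body: null };
  }
  const kept = [];
  let bytesRead = 0;
  for (const chunk of chunks) {
    bytesRead += chunk.length;
    // Authoritative check: count what actually arrives, because the header
    // can be missing (chunked encoding) or understate the real size.
    if (bytesRead > maxBytes) {
      return { status: 413, bytesRead, body: null }; // caller closes the connection
    }
    kept.push(chunk);
  }
  const body = new Uint8Array(bytesRead);
  let offset = 0;
  for (const chunk of kept) {
    body.set(chunk, offset);
    offset += chunk.length;
  }
  return { status: 200, bytesRead, body };
}

// Constructed sample input: lazily yields `total` zero bytes in 64 KiB pieces.
function* fakeUpload(total, piece = 64 * 1024) {
  for (let sent = 0; sent < total; sent += piece) {
    yield new Uint8Array(Math.min(piece, total - sent));
  }
}

function demo() {
  const MiB = 1024 * 1024;
  return {
    small: receiveAvatar(fakeUpload(500 * 1024), 500 * 1024),
    honestBig: receiveAvatar(fakeUpload(50 * MiB), 50 * MiB),
    understatedBig: receiveAvatar(fakeUpload(50 * MiB), 1024),
    noHeader: receiveAvatar(fakeUpload(3 * MiB), undefined),
  };
}
```

In the understated and header-less cases the read stops one 64 KiB piece past the cap, so memory use is bounded by the cap plus one chunk rather than by what the client chooses to send.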