Vulnerability Description
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synck Graphica | Mailform Pro Cgi | <= 4.3.1.3 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN86484824/ (Third Party Advisory)
- https://www.synck.com/blogs/news/newsroom/detail_1691668841.html (Vendor Advisory)
FAQ
What is CVE-2023-40599?
CVE-2023-40599 is a vulnerability with a CVSS score of 7.5 (HIGH). Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition....
How severe is CVE-2023-40599?
CVE-2023-40599 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-40599?
Check the references section above for vendor advisories and patch information. Affected products include: Synck Graphica Mailform Pro Cgi.