Vulnerability Description
Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pimcore | Pimcore | >= 11.0.0, < 11.2.4 |
Related Weaknesses (CWE)
References
- https://github.com/pimcore/pimcore/commit/38af70b3130f16fc27f2aea34e2943d7bdaabaPatch
- https://github.com/pimcore/pimcore/commit/a6821a16ea38086bf6012e682e1743488244bdPatch
- https://github.com/pimcore/pimcore/security/advisories/GHSA-277c-5vvj-9pwxExploitVendor Advisory
- https://github.com/pimcore/pimcore/commit/38af70b3130f16fc27f2aea34e2943d7bdaabaPatch
- https://github.com/pimcore/pimcore/commit/a6821a16ea38086bf6012e682e1743488244bdPatch
- https://github.com/pimcore/pimcore/security/advisories/GHSA-277c-5vvj-9pwxExploitVendor Advisory
FAQ
What is CVE-2024-32871?
CVE-2024-32871 is a vulnerability with a CVSS score of 7.5 (HIGH). Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of ...
How severe is CVE-2024-32871?
CVE-2024-32871 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-32871?
Check the references section above for vendor advisories and patch information. Affected products include: Pimcore Pimcore.