VWE-2017-4266
Return to current revision
Current Revision
December 2, 2017, 10:47 AM
Differences in Content
-
[template]Vulnerability
| cve=
| aka=
| severity=Extreme
| difficulty=Easy
| description=Denial of Service. A malicious user can balloon the size of the CSS cache at will. -
-
| discover-date=October 9, 2017
| patch-date=October 15, 2017 -
+
| discover-date=November 5, 2017
| patch-date=December 1, 2017 -
| patches=4.0.20 Patch Level 1
4.0.19 Patch Level 4
4.0.18 Patch Level 5
4.0.17 Patch Level 7
4.0.16 Patch Level 8
4.0.15 Patch Level 12
| workaround=[/template]
[h=3]Notes[/h]
We discovered a similar issue in XenForo 1.x and 2.x at the same time. We reported the issue to XenForo developers, and it is fixed in XenForo 1.5.16 and 2.0.0, respectively.