The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2021-6252 Related Report None Severity Extreme Exploit Difficulty NORMAL Platform Affects all platforms supported by the vulnerable versions. Description Denial of Service amplification. A distributed attack can consume available MySQL connections by submitting extremely high amounts of choices to a bulk chooser's submission script, because the number of choices is not limited prior to querying MySQL. This occurs due to a lack of completeness in the patches for VWE-2016-2034.
Discovered October 16, 2021 Resolved October 25, 2021 Patches Available 4.1.2 Patch Level 3
4.1.1 Patch Level 8
This page has been seen 176,665 times.
-
-
Created by on
-