Description

Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4.

INFO

Published Date :

2024-06-04T14:43:20.796Z

Last Modified :

2024-08-02T02:20:35.642Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-32871 vulnerability.

Vendors Products
Pimcore
  • Pimcore
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-32871.

URL Resource
https://github.com/pimcore/pimcore/commit/38af70b3130f16fc27f2aea34e2943d7bdaaba06 cve-icon cve-icon
https://github.com/pimcore/pimcore/commit/a6821a16ea38086bf6012e682e1743488244bd85 cve-icon cve-icon
https://github.com/pimcore/pimcore/security/advisories/GHSA-277c-5vvj-9pwx cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact