GHSA-275f-jq4p-wxgwHighCVSS 7.5
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long...
🔗 CVE IDs covered (1)
📋 Description
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server.
🔗 References (5)
- https://nvd.nist.gov/vuln/detail/CVE-2020-28873
- https://www.acunetix.com/vulnerabilities/web/long-password-denial-of-service/#:~:text=By%20sending%20a%20very%20long,a%20vulnerable%20password%20hashing%20implementation
- http://fluxbb.com
- https://www.acunetix.com/vulnerabilities/web/long-password-denial-of-service/#:~:text=By%20sending%20a%20very%20long%2Ca%20vulnerable%20password%20hashing%20implementation
- https://github.com/advisories/GHSA-275f-jq4p-wxgw