CVE-2023-36260

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 30, 2024

Updated: Aug 2, 2024

CWE ID 74

Summary

CVE-2023-36260 is a vulnerability affecting Feed Me plugin version 4.6.1 for Craft CMS. This issue allows remote attackers to cause a denial of service (DoS) by crafting strings for the Feed-Me Name and Feed-Me URL fields during the saving of a feed using an Asset element type with no selected volume. This vulnerability is specific to the Feed Me plugin and is not related to the Craft CMS core product. A report suggests that commit b5d6ede51848349bd91bc95fec288b6793f15e28 is not associated with the security issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uVcif4
https://www.cve.org/CVERecord?id=CVE-2023-36260
https://nvd.nist.gov/vuln/detail/CVE-2023-36260

Back to Vulnerability Database

CVE-2023-36260

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations