Vulnerability Details CVE-2024-9953
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.3%
CVSS Severity
CVSS v3 Score 4.9
Products affected by CVE-2024-9953
-
cpe:2.3:a:cert:vince:-
-
cpe:2.3:a:cert:vince:1.48.0
-
cpe:2.3:a:cert:vince:1.49.0
-
cpe:2.3:a:cert:vince:1.50.0
-
cpe:2.3:a:cert:vince:1.50.1
-
cpe:2.3:a:cert:vince:1.50.2
-
cpe:2.3:a:cert:vince:1.50.3
-
cpe:2.3:a:cert:vince:1.50.4
-
cpe:2.3:a:cert:vince:1.50.5
-
cpe:2.3:a:cert:vince:1.50.6