CVE-2022-4111 – tooljet

Package

Manager: npm
Name: tooljet
Vulnerable Version: >=0 <1.27.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00077 pctl0.23619

Details

ToolJet is vulnerable to Denial of Service (DoS) ToolJet/ToolJet placed no limit on the file size for user avatars. This could cause a denial of service if too many users upload large files. This is fixed in commit 01cd3f0464747973ec329e9fb1ea12743d3235cc in version 1.27.0. `tooljet` is no longer listed on npmjs.com but was [listed on npmjs.com in the past](https://web.archive.org/web/20220210014826/https://www.npmjs.com/package/tooljet). This advisory is maintained for historical completeness.

Metadata

Created: 2022-11-22T03:30:56Z
Modified: 2023-07-11T13:52:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-hgp8-w8fj-r4cm/GHSA-hgp8-w8fj-r4cm.json
CWE IDs: ["CWE-1284", "CWE-400"]
Alternative ID: GHSA-hgp8-w8fj-r4cm
Finding: F002
Auto approve: 1