{"id":898,"date":"2025-04-23T05:57:38","date_gmt":"2025-04-23T05:57:38","guid":{"rendered":"http:\/\/localhost\/?p=898"},"modified":"2025-04-23T05:57:38","modified_gmt":"2025-04-23T05:57:38","slug":"cuba-has-a-dos-in-the-file-storage","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=898","title":{"rendered":"Cuba has a DoS in the File Storage"},"content":{"rendered":"<div class=\"vulnerability-details\">\n<h2>Vulnerability Details<\/h2>\n<div class=\"info-section\">\n<h3>Basic Information<\/h3>\n<table class=\"info-table\">\n<tr>\n<th>Title<\/th>\n<td>Cuba has a DoS in the File Storage<\/td>\n<\/tr>\n<tr>\n<th>Type<\/th>\n<td>github<\/td>\n<\/tr>\n<tr>\n<th>Published<\/th>\n<td>2025-04-22T16:57:36<\/td>\n<\/tr>\n<tr>\n<th>Last Seen<\/th>\n<td>2025-04-22T18:43:34<\/td>\n<\/tr>\n<tr>\n<th>CVSS Score<\/th>\n<td style=\"color: #ffcc00; font-weight: bold;\">6.5 (MEDIUM)<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"cvss-section\">\n<h3>CVSS v3 Details<\/h3>\n<table class=\"cvss-table\">\n<tr>\n<th>Attack Vector<\/th>\n<td>NETWORK<\/td>\n<\/tr>\n<tr>\n<th>Attack Complexity<\/th>\n<td>LOW<\/td>\n<\/tr>\n<tr>\n<th>Privileges Required<\/th>\n<td>LOW<\/td>\n<\/tr>\n<tr>\n<th>User Interaction<\/th>\n<td>NONE<\/td>\n<\/tr>\n<tr>\n<th>Scope<\/th>\n<td>UNCHANGED<\/td>\n<\/tr>\n<tr>\n<th>Confidentiality Impact<\/th>\n<td>NONE<\/td>\n<\/tr>\n<tr>\n<th>Integrity Impact<\/th>\n<td>NONE<\/td>\n<\/tr>\n<tr>\n<th>Availability Impact<\/th>\n<td>HIGH<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"cve-section\">\n<h3>CVE Information<\/h3>\n<table class=\"cve-table\">\n<tr>\n<th>CVE IDs<\/th>\n<td>CVE-2025-32959<\/td>\n<\/tr>\n<tr>\n<th>CWE<\/th>\n<td>CWE-770<\/td>\n<\/tr>\n<tr>\n<th>Bulletin Family<\/th>\n<td>software<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"description-section\">\n<h3>Description<\/h3>\n<div class=\"description-content\">\n            ### Impact<\/p>\n<p>The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service.<\/p>\n<p>The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users.<\/p>\n<p>### Patches<\/p>\n<p>The problem has been fixed in CUBA 7.2.23.<\/p>\n<p>### Workarounds<\/p>\n<p>A workaround for those who are unable to upgrade: [Disable Files Endpoint in CUBA Application](https:\/\/docs.jmix.io\/jmix\/files-vulnerabilities.html#disable-files-endpoint-in-cuba-application).<\/p>\n<p>### References<\/p>\n<p>[Files Functionality Vulnerabilities :: Jmix Documentation](https:\/\/docs.jmix.io\/jmix\/files-vulnerabilities.html)<\/p>\n<p>Similar vulnerability in Jmix: [DoS in the Local File Storage \u00b7 Advisory \u00b7 jmix-framework\/jmix](https:\/\/github.com\/jmix-framework\/jmix\/security\/advisories\/GHSA-f3gv-cwwh-758m)\n        <\/p><\/div>\n<\/p><\/div>\n<div class=\"impact-section\">\n<h3>Impact Assessment<\/h3>\n<table class=\"impact-table\">\n<tr>\n<th>Base Score<\/th>\n<td>6.5<\/td>\n<\/tr>\n<tr>\n<th>Severity<\/th>\n<td style=\"color: #ffcc00;\">MEDIUM<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"source-link\">\n<p><a href=\"https:\/\/github.com\/advisories\/GHSA-w3mp-6vrj-875g\" target=\"_blank\">View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n<style>\n.vulnerability-details {\n    font-family: Arial, sans-serif;\n    max-width: 1200px;\n    margin: 0 auto;\n    padding: 20px;\n}<\/p>\n<p>.info-section, .cvss-section, .cve-section, .description-section, .impact-section {\n    margin-bottom: 30px;\n    background: #f8f9fa;\n    padding: 20px;\n    border-radius: 8px;\n    box-shadow: 0 2px 4px rgba(0,0,0,0.1);\n}<\/p>\n<p>h2 {\n    color: #2c3e50;\n    border-bottom: 2px solid #3498db;\n    padding-bottom: 10px;\n    margin-bottom: 20px;\n}<\/p>\n<p>h3 {\n    color: #34495e;\n    margin-bottom: 15px;\n}<\/p>\n<p>.info-table, .cvss-table, .cve-table, .impact-table {\n    width: 100%;\n    border-collapse: collapse;\n    margin-bottom: 20px;\n}<\/p>\n<p>.info-table th, .cvss-table th, .cve-table th, .impact-table th {\n    background: #e9ecef;\n    padding: 12px;\n    text-align: left;\n    width: 200px;\n}<\/p>\n<p>.info-table td, .cvss-table td, .cve-table td, .impact-table td {\n    padding: 12px;\n    border-bottom: 1px solid #dee2e6;\n}<\/p>\n<p>.description-content {\n    line-height: 1.6;\n    color: #2c3e50;\n}<\/p>\n<p>.source-link {\n    text-align: center;\n    margin-top: 30px;\n}<\/p>\n<p>.source-link a {\n    display: inline-block;\n    padding: 10px 20px;\n    background: #3498db;\n    color: white;\n    text-decoration: none;\n    border-radius: 5px;\n    transition: background 0.3s;\n}<\/p>\n<p>.source-link a:hover {\n    background: #2980b9;\n}\n<\/style>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability Details Basic Information Title Cuba has a DoS in the File Storage Type github Published 2025-04-22T16:57:36 Last Seen 2025-04-22T18:43:34 CVSS Score 6.5 (MEDIUM) CVSS&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,26,12,14,21,13,7,11,5],"class_list":["post-898","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-65","tag-exploit","tag-github","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cuba has a DoS in the File Storage - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=898\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cuba has a DoS in the File Storage - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Vulnerability Details Basic Information Title Cuba has a DoS in the File Storage Type github Published 2025-04-22T16:57:36 Last Seen 2025-04-22T18:43:34 CVSS Score 6.5 (MEDIUM) CVSS...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=898\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-23T05:57:38+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=898#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=898\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Cuba has a DoS in the File Storage\",\"datePublished\":\"2025-04-23T05:57:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=898\"},\"wordCount\":220,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.5\",\"exploit\",\"github\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=898#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=898\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=898\",\"name\":\"Cuba has a DoS in the File Storage - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-04-23T05:57:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=898#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=898\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=898#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cuba has a DoS in the File Storage\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cuba has a DoS in the File Storage - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=898","og_locale":"en_US","og_type":"article","og_title":"Cuba has a DoS in the File Storage - zero redgem","og_description":"Vulnerability Details Basic Information Title Cuba has a DoS in the File Storage Type github Published 2025-04-22T16:57:36 Last Seen 2025-04-22T18:43:34 CVSS Score 6.5 (MEDIUM) CVSS...","og_url":"https:\/\/zero.redgem.net\/?p=898","og_site_name":"zero redgem","article_published_time":"2025-04-23T05:57:38+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=898#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=898"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Cuba has a DoS in the File Storage","datePublished":"2025-04-23T05:57:38+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=898"},"wordCount":220,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.5","exploit","github","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=898#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=898","url":"https:\/\/zero.redgem.net\/?p=898","name":"Cuba has a DoS in the File Storage - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-04-23T05:57:38+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=898#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=898"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=898#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Cuba has a DoS in the File Storage"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/898","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=898"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/898\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}