#VU50161 Resource exhaustion - CVE-2020-28488
Published: January 22, 2021 / Updated: October 8, 2021
Vulnerability identifier: #VU50161
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-28488
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Software vendor:
Description
Not a vulnerability.
==========================
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. When the "dialog" is injected into an HTML tag more than once, the browser and the application may crash.
Remediation
This is not a security vulnerability.
External links
- http://packetstormsecurity.com/files/161167/jQuery-UI-1.12.1-Denial-Of-Service.html
- https://bugs.jqueryui.com/ticket/15390
- https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1062739
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1062741
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062740
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJQUERY-1062738
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062742
- https://snyk.io/vuln/SNYK-JS-JQUERYUI-1052825