Resource exhaustion - CVE-2020-28488
Published: January 22, 2021 / Updated: October 8, 2021
Vulnerability identifier: #VU50161
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-28488
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor:
Affected software:
Detailed vulnerability description
Not a vulnerability.
==========================
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. When the "dialog" is injected into an HTML tag more than once, the browser and the application may crash.
How to mitigate CVE-2020-28488
This is not a security vulnerability.
Sources
- http://packetstormsecurity.com/files/161167/jQuery-UI-1.12.1-Denial-Of-Service.html
- https://bugs.jqueryui.com/ticket/15390
- https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1062739
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1062741
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062740
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJQUERY-1062738
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062742
- https://snyk.io/vuln/SNYK-JS-JQUERYUI-1052825