Home > Vulnerability Database > CVE-2024-55653

Mend.io Vulnerability Database

CVE-2024-55653

Date: December 10, 2024

PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a "UnhandledPromiseRejection" on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available.

Language: JS

Severity Score

6.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55653

Url: https://github.com/pwndoc/pwndoc/security/advisories/GHSA-ggqg-3f7v-c8rc

Url: https://www.mend.io/vulnerability-database/CVE-2024-55653

Severity Score

6.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55653

Date: December 10, 2024

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?