CVE-2024-56200

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-56200

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56200.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-56200

Related

GHSA-3pfm-hp96-pfgv
GHSA-gq5q-c77c-v23600

Published

2024-12-19T18:43:06Z

Modified

2025-10-25T02:51:46.174847Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator

Summary

Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy

Details

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-400",
        "CWE-405"
    ]
}

References

Affected packages

Git / github.com/nexryai/altair

Affected ranges

Type

GIT

Repo

https://github.com/nexryai/altair

Events

Introduced

Fixed

f7ec11a0fae706a1be4e61953774c180f239a89d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "v12.24Q4.1"
        }
    ]
}

Affected versions

12.*

12.119.2-fix.1

12.119.2-fix.2

12.119.2-fix.3

12.119.2-fix.4

12.119.2-fix.5

12.119.2-fix.5.1

12.119.2-fix.5.2

12.119.2-fix.5.3

12.119.2-fix.5.4

12.119.2-fix.5.5

12.119.2-fix.5.6

12.119.2-fix.5.7

12.119.2-fix.5.8

12.119.2-fix.5.9

12.119.2-fix.6.0

v12.*

v12.23Q4.4

v12.23Q4.5

v12.23Q4.6

v12.23Q4.7

v12.23Q4.8

v12.24Q1.2

v12.24Q1.3

v12.24Q1.4

v12.24Q2.1

v12.24Q2.1-fix

v12.24Q2.2

v12.24Q2.3

v12.24Q2.4

v12.24Q2.5

v12.24Q2.6

v12.24Q3.1

v12.24Q3.2