CVE-2023-36260

Date: January 29, 2024

An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about code provided by the Craft CMS product; it is only a report about the Feed Me plugin. NOTE: a third-party report states that commit b5d6ede51848349bd91bc95fec288b6793f15e28 has "nothing to do with security."

Language: PHP

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Top Fix

Upgrade Version

Upgrade to version verbb/feed-me - 4.1.0;verbb/feed-me - 5.0.1;verbb/feed-me - 2.0.1;verbb/feed-me - dev-bugfix/749-asset-filename-conflicts;verbb/feed-me - 3.0.0-beta.20;verbb/feed-me - dev-feature/feed-data-override;verbb/feed-me - dev-bugfix/element-sub-fields;verbb/feed-me - dev-pullrequests/bradlilley/main;verbb/feed-me - dev-vitepress;verbb/feed-me - dev-feature-modify-parsed-values;verbb/feed-me - dev-bugfix/cms-1199-logged-out-commerce-import;verbb/feed-me - dev-rector;verbb/feed-me - 3.0.0;verbb/feed-me - 4.3.6.1;verbb/feed-me - 3.0.0-beta.18;verbb/feed-me - dev-bugfix/1186-custom-entry-sources-break-mapping;verbb/feed-me - dev-dependabot/composer/craftcms/cms-4.5.11;verbb/feed-me - 3.0.0-beta.30;verbb/feed-me - no_fix;verbb/feed-me - dev-dependabot/composer/craftcms/cms-4.4.15;verbb/feed-me - dev-dependabot/npm_and_yarn/decode-uri-component-0.2.2;verbb/feed-me - dev-bugfix/845-default-author-and-parent;verbb/feed-me - dev-dependabot/npm_and_yarn/http-cache-semantics-4.1.1;verbb/feed-me - dev-dependabot/npm_and_yarn/browserify-sign-4.2.2;verbb/feed-me - 4.6.2;orderbird/feed-me-with-user-agent - no_fix;craftcms/feed-me - 2.0.1;craftcms/feed-me - 5.0.1;craftcms/feed-me - dev-vitepress;craftcms/feed-me - dev-dependabot/composer/craftcms/cms-4.4.12;craftcms/feed-me - dev-bugfix/1208-element-enabled-attribute;craftcms/feed-me - 4.3.6.1;craftcms/feed-me - dev-bugfix/correct-class-for-redactor-subfield;craftcms/feed-me - dev-bugfix/cms-15331-adjustment-for-dropdown-and-empty-value;craftcms/feed-me - dev-bugfix/1244-resolve-aliases-in-pagination-url;craftcms/feed-me - dev-bugfix/1186-custom-entry-sources-break-mapping;craftcms/feed-me - 3.1.4;craftcms/feed-me - dev-bugfix/cms-1199-logged-out-commerce-import;craftcms/feed-me - dev-bugfix/582-empty-user-photo-url;craftcms/feed-me - dev-dependabot/composer/craftcms/cms-4.2.1;craftcms/feed-me - 4.1.0;craftcms/feed-me - dev-newParentId-fix;craftcms/feed-me - 4.4.x-dev;craftcms/feed-me - 
dev-dependabot/npm_and_yarn/browserify-sign-4.2.2;craftcms/feed-me - dev-pullrequests/bradlilley/main;craftcms/feed-me - 3.0.0-beta.29;craftcms/feed-me - dev-dependabot/npm_and_yarn/minimist-1.2.7;craftcms/feed-me - dev-fix-1058;craftcms/feed-me - dev-dependabot/npm_and_yarn/http-cache-semantics-4.1.1;craftcms/feed-me - dev-bugfix/844-users-field-allow-search-for-admins;craftcms/feed-me - 4.6.2;craftcms/feed-me - dev-feature/enhanced-matrix-data-comparison;craftcms/feed-me - dev-feature/show-read-only-settings-when-allowadminchanges-false;craftcms/feed-me - dev-dependabot/npm_and_yarn/decode-uri-component-0.2.2;craftcms/feed-me - dev-bugfix/1279-multisite-custom-propagation;craftcms/feed-me - dev-dependabot/composer/craftcms/cms-4.5.11;craftcms/feed-me - dev-feature/add-money-field-support

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH
