CWE-703
DiscouragedImproper Check or Handling of Exceptional Conditions
Abstraction: Pillar · Status: Incomplete
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
211 vulnerabilities reference this CWE, most recent first.
GHSA-J2RP-GMQV-FRHV
Vulnerability from github – Published: 2024-04-04 18:30 – Updated: 2024-09-26 16:45Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/vault"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-2660"
],
"database_specific": {
"cwe_ids": [
"CWE-636",
"CWE-703"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-04T22:10:49Z",
"nvd_published_at": "2024-04-04T18:15:14Z",
"severity": "MODERATE"
},
"details": "Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.",
"id": "GHSA-j2rp-gmqv-frhv",
"modified": "2024-09-26T16:45:51Z",
"published": "2024-04-04T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2660"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/vault"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240524-0007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "HashiCorpVault does not correctly validate OCSP responses"
}
GHSA-JHJH-776M-4765
Vulnerability from github – Published: 2022-08-31 21:25 – Updated: 2024-09-30 20:26Impact
The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room.
In versions of Synapse up to and including v1.61, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers.
Patches
Administrators of homeservers with federation enabled are advised to upgrade to v1.62.0 or higher.
Workarounds
- Federation can be disabled by setting
federation_domain_whitelistto an empty list ([]).
References
- https://github.com/matrix-org/synapse/pull/13087
- https://github.com/matrix-org/synapse/pull/13088
For more information
If you have any questions or comments about this advisory, e-mail us at security@matrix.org.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "matrix-synapse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.62.0rc1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31152"
],
"database_specific": {
"cwe_ids": [
"CWE-703",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-31T21:25:37Z",
"nvd_published_at": "2022-09-02T20:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nThe Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.3/rooms/v10/#authorization-rules) which must be checked when determining if an event should be accepted into a room.\n\nIn versions of Synapse up to and including v1.61, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers.\n\n### Patches\n\nAdministrators of homeservers with federation enabled are advised to upgrade to v1.62.0 or higher.\n\n### Workarounds\n\n * Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`).\n\n### References\n\n * https://github.com/matrix-org/synapse/pull/13087\n * https://github.com/matrix-org/synapse/pull/13088\n\n### For more information\n\nIf you have any questions or comments about this advisory, e-mail us at [security@matrix.org](mailto:security@matrix.org).",
"id": "GHSA-jhjh-776m-4765",
"modified": "2024-09-30T20:26:48Z",
"published": "2022-08-31T21:25:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31152"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/pull/13087"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/pull/13088"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/commit/d4b1c0d800eaa83c4d56a9cf17881ad362b9194b"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/commit/e16ea87d0f8c4c30cad36f85488eb1f647e640b0"
},
{
"type": "PACKAGE",
"url": "https://github.com/matrix-org/synapse"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/releases/tag/v1.62.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2022-262.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Denial of service due to incorrect application of event authorization rules"
}
GHSA-M52X-Q4C4-72QW
Vulnerability from github – Published: 2024-11-26 06:31 – Updated: 2024-11-26 06:31The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
{
"affected": [],
"aliases": [
"CVE-2024-10781"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-26T06:15:08Z",
"severity": "HIGH"
},
"details": "The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the \u0027api_key\u0027 value in the \u0027perform\u0027 function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.",
"id": "GHSA-m52x-q4c4-72qw",
"modified": "2024-11-26T06:31:03Z",
"published": "2024-11-26T06:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10781"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/cleantalk-spam-protect/tags/6.44/lib/Cleantalk/ApbctWP/RemoteCalls.php#L95"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/cleantalk-spam-protect/tags/6.44/lib/Cleantalk/ApbctWP/RemoteCalls.php#L96"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3188546/cleantalk-spam-protect#file653"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79ae062c-b084-4045-9407-2d94919993af?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MFJ7-PC34-CQM8
Vulnerability from github – Published: 2024-04-04 21:30 – Updated: 2024-04-04 21:30An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.
{
"affected": [],
"aliases": [
"CVE-2024-22023"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-04T20:15:08Z",
"severity": "MODERATE"
},
"details": "An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. ",
"id": "GHSA-mfj7-pc34-cqm8",
"modified": "2024-04-04T21:30:30Z",
"published": "2024-04-04T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22023"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MGJ2-46RC-8756
Vulnerability from github – Published: 2023-04-12 18:30 – Updated: 2023-11-04 00:30A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.
These files can include logs and system components that impact the integrity and availability of PAN-OS software.
{
"affected": [],
"aliases": [
"CVE-2023-0004"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-12T17:15:00Z",
"severity": "MODERATE"
},
"details": "A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.\n\nThese files can include logs and system components that impact the integrity and availability of PAN-OS software.",
"id": "GHSA-mgj2-46rc-8756",
"modified": "2023-11-04T00:30:20Z",
"published": "2023-04-12T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0004"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2023-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMFC-2FHM-4P24
Vulnerability from github – Published: 2025-07-30 00:32 – Updated: 2025-11-03 21:34A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
{
"affected": [],
"aliases": [
"CVE-2025-24188"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-30T00:15:30Z",
"severity": "MODERATE"
},
"details": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.",
"id": "GHSA-mmfc-2fhm-4p24",
"modified": "2025-11-03T21:34:11Z",
"published": "2025-07-30T00:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24188"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/124149"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/124152"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Aug/0"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXHF-GJP2-RPRV
Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-05 15:302N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.
{
"affected": [],
"aliases": [
"CVE-2025-59787"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T16:16:25Z",
"severity": "MODERATE"
},
"details": "2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.",
"id": "GHSA-mxhf-gjp2-rprv",
"modified": "2026-03-05T15:30:35Z",
"published": "2026-03-04T18:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59787"
},
{
"type": "WEB",
"url": "https://www.2n.com/en-GB/download/cve_2025_59787_acom_3_5_v1pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P449-4X9G-97VG
Vulnerability from github – Published: 2026-06-16 15:33 – Updated: 2026-06-16 18:32Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
{
"affected": [],
"aliases": [
"CVE-2026-12324"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-16T13:16:33Z",
"severity": "HIGH"
},
"details": "Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.",
"id": "GHSA-p449-4x9g-97vg",
"modified": "2026-06-16T18:32:37Z",
"published": "2026-06-16T15:33:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12324"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038444"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-60"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-61"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P47F-2F9W-4RQQ
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-09-05 18:31In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-26461"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-05T17:15:34Z",
"severity": "LOW"
},
"details": "In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-p47f-2f9w-4rqq",
"modified": "2025-09-05T18:31:25Z",
"published": "2025-09-05T18:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26461"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PJJ3-J5J6-QJ27
Vulnerability from github – Published: 2025-07-21 19:52 – Updated: 2025-07-21 22:21Summary
The HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints.
Details
This vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters.
Affected Resources
• listFiles.js:22 listFiles() • saveFile.js:52 saveFile() • system/api/listFiles • system/api/saveFile
PoC
-
Targeting an instance of instance of HAX CMS NodeJS, send a request without parameters to
listFilesorsaveFiles. The following screenshot shows the request in Burp Suite. -
The server will crash with
ERR_INVALID_ARG_TYPE.
Impact
An authenticated attacker can deny access to the HAX CMS NodeJS application by crashing the backend server. This prevents all users from accessing the backend system. If the backend system is hosting websites, those websites will be unavailable.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@haxtheweb/haxcms-nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54134"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-248",
"CWE-703"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-21T19:52:53Z",
"nvd_published_at": "2025-07-21T21:15:26Z",
"severity": "HIGH"
},
"details": "### Summary\nThe HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the `listFiles` and `saveFiles` endpoints.\n\n### Details\nThis vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters.\n\n#### Affected Resources\n\u2022 [listFiles.js:22](https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/listFiles.js#L22) listFiles()\n\u2022 [saveFile.js:52](https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/saveFile.js#L52) saveFile()\n\u2022 system/api/listFiles\n\u2022 system/api/saveFile\n\n### PoC\n1. Targeting an instance of instance of [HAX CMS NodeJS](https://github.com/haxtheweb/haxcms-nodejs), send a request without parameters to `listFiles` or `saveFiles`. The following screenshot shows the request in Burp Suite.\n\n\n2. The server will crash with `ERR_INVALID_ARG_TYPE`.\n\n\n### Impact\nAn authenticated attacker can deny access to the HAX CMS NodeJS application by crashing the backend server. This prevents all users from accessing the backend system. If the backend system is hosting websites, those websites will be unavailable.",
"id": "GHSA-pjj3-j5j6-qj27",
"modified": "2025-07-21T22:21:29Z",
"published": "2025-07-21T19:52:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-pjj3-j5j6-qj27"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54134"
},
{
"type": "WEB",
"url": "https://github.com/haxtheweb/haxcms-nodejs/commit/e9773d1996233f9bafb06832b8220ec2a98bab34"
},
{
"type": "PACKAGE",
"url": "https://github.com/haxtheweb/haxcms-nodejs"
},
{
"type": "WEB",
"url": "https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/listFiles.js#L22"
},
{
"type": "WEB",
"url": "https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/saveFile.js#L52"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.