What is CVE-2024-56200?

CVE-2024-56200 is a high-severity vulnerability in Nexryai Altair, classified under Uncontrolled Resource Consumption. CVSS score: 8.6/10. Published 2024-12-19.

How severe is CVE-2024-56200?

High severity. CVSS v3 base score is 8.6 out of 10.

Resource exhaustion in Nexryai Altair

CVE-2024-56200

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.002 (45.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H.

Affected products

Nexryai Altair — versions < v12.24Q4.1

Weakness classification (CWE)

References

https://github.com/nexryai/altair/security/advisories/GHSA-3pfm-hp96-pfgv (x_refsource_CONFIRM)
https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v23600 (x_refsource_MISC)
https://github.com/nexryai/altair/commit/20bad5155a8d73f8d807c6c1ae0f7b8041331be8 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-56200?: CVE-2024-56200 is a high-severity vulnerability in Nexryai Altair, classified under Uncontrolled Resource Consumption. CVSS score: 8.6/10. Published 2024-12-19.
How severe is CVE-2024-56200?: High severity. CVSS v3 base score is 8.6 out of 10.