CVE-2022-39346 Information

Description

Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10 23.0.7 or 24.0.3. There are no known workarounds for this issue.

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6 https://github.com/nextcloud/server/pull/33052 https://hackerone.com/reports/1588562