CVE-2025-0704 Information

Jan 25, 2025 cve

Description

A vulnerability which was classified as problematic was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument w/h leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore no version details for affected nor updated releases are available.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Reference

https://github.com/JoeyBling/bootplus/issues/26 https://github.com/JoeyBling/bootplus/issues/26#issue-2786934642 https://vuldb.com/?ctiid.293232 https://vuldb.com/?id.293232 https://vuldb.com/?submit.480843

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

LOW

Base Severity

5.3

Share on: