CVE-2023-36260

Craft CMS Feed-Me in packagist/craftcms/cms

Identifiers

CVE-2023-36260, GHSA-6p78-f7h9-6838

Package Slug

packagist/craftcms/cms

Vulnerability

Craft CMS Feed-Me

Description

An issue discovered in Craft CMS version 4.6.1. allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected.

Affected Versions

All versions before 4.6.1.1

Solution

Upgrade to version 4.7.0 or above.

Last Modified

2024-01-31

source