CVE-2022-4111: Uncontrolled Resource Consumption

November 22, 2022 (updated December 2, 2022)

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.

References

github.com/ToolJet/ToolJet/pull/4103
github.com/advisories/GHSA-hgp8-w8fj-r4cm
github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc
huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d
nvd.nist.gov/vuln/detail/CVE-2022-4111

Detect and mitigate CVE-2022-4111 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →