CVE-2023-40599

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 25, 2023
Updated: Aug 31, 2023
CWE ID 1333

Summary

CVE-2023-40599 is a remote denial-of-service (DoS) vulnerability affecting multiple add-ons of Mailform Pro CGI 4.3.1.3 and earlier. Specifically, a ReDoS (regular expression denial-of-service) issue has been identified in call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. The flaw lies in the regular expression processing of the affected add-ons: malicious input can make pattern matching consume substantial computational resources. An unauthenticated attacker can exploit this to trigger a denial-of-service condition, leading to service disruption. Users are advised to update their Mailform Pro installations to mitigate this risk.
