CVE-2025-32947

Sažetak

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.

Reference

https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1
https://research.jfrog.com/vulnerabilities/peertube-activitypub-crawl-dos/

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Zadnje važnije ažuriranje

15-04-2025 - 18:39

Objavljeno

15-04-2025 - 15:16