PT-2018-10129 · Litecart · Litecart

Mschop · Published 2018-05-09 · Updated 2018-06-12 · CVE-2018-10827

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

LiteCart versions prior to 2.1.2

Description

Remote attackers can cause a denial of service (memory consumption) by sending requests for URIs that do not exist. Each request for a non-existent URI is logged to the not_found.log file in the public_html/logs directory, so the file grows without bound, and this log file is loaded into memory for each request.

Recommendations

For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the not_found.log file or implementing a log rotation mechanism to prevent the file from growing without bound.
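
The log rotation workaround mentioned above, sketched as a POSIX shell function that can be run periodically (for example from cron) against the not-found log named in the description. This is an added example, not LiteCart code or part of the advisory; the path passed in, the size limit and the number of archives kept are assumptions.

```shell
#!/bin/sh
# Added example: size-capped rotation for an unbounded application log.
# Assumed (not from the advisory): the log path passed by the caller, the
# size limit, and the number of archived copies to keep.

# rotate_if_large FILE MAX_BYTES KEEP
# Returns 0 if the file was rotated, 1 if it was left alone, 2 on bad usage.
rotate_if_large() {
    file=$1 max=$2 keep=$3
    [ -n "$file" ] && [ "$max" -gt 0 ] 2>/dev/null \
        && [ "$keep" -ge 1 ] 2>/dev/null || return 2
    [ -f "$file" ] || return 1

    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -gt "$max" ] || return 1

    # Shift older archives up: FILE.1 -> FILE.2, ..., FILE.(KEEP-1) -> FILE.KEEP.
    # The oldest archive is overwritten, so total disk use stays bounded.
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        [ -f "$file.$prev" ] && mv -f "$file.$prev" "$file.$i"
        i=$prev
    done

    # Copy, then truncate in place: the live file keeps its inode, owner and
    # mode, so the application never finds it missing. Lines written between
    # the copy and the truncate can be lost, which is acceptable for a 404 log.
    cp -p "$file" "$file.1" && : > "$file"
}
```

Because the application reads the live file on every request, what matters is that the live file is emptied; the archives only preserve history and can be kept outside the web root.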

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2018-10827

Affected Products

Litecart