PT-2022-25662 · Tooljet · Tooljet

Published 2022-11-22 · Updated 2023-07-11 · CVE-2022-4111

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: tooljet/tooljet versions prior to 1.27
Description: The issue allows a logged-in attacker to upload large files, such as profile pictures over 2MB, because no file size limit is enforced. This can lead to a denial of service (DoS) if multiple users upload large files, causing network congestion and slowing down the site. For example, if a botnet uploads 100MB files from 100 machines simultaneously, the server would have to handle 10GB of data, which could make the site unavailable.
Recommendations: For versions prior to 1.27, update to version 1.27.0 or later to fix the issue. As a temporary workaround, consider restricting file uploads or limiting the file size for user avatars to prevent denial of service attacks.
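The workaround the advisory recommends, shown as an added example that is not ToolJet's own code: a Node.js guard that caps avatar uploads at 2 MB, checked first against the declared Content-Length and then against the bytes actually received, since a client can omit or understate the header. The 2 MB cap, the function names and the sample upload are assumptions made for illustration.

```javascript
// Added example, not ToolJet's code: cap avatar uploads at a fixed byte limit.
// Two layers: reject early on a declared Content-Length that is too large, and
// count bytes while streaming, because the header may be absent or understated.
const MAX_AVATAR_BYTES = 2 * 1024 * 1024; // 2 MB, the size the advisory cites (assumed cap)

// Layer 1: refuse before reading any body when the client admits it is oversized.
function preflightAvatarUpload(headers, maxBytes = MAX_AVATAR_BYTES) {
  const declared = Number.parseInt(headers['content-length'] ?? '', 10);
  if (Number.isNaN(declared)) {
    return { ok: true, reason: 'no content-length; enforce while streaming' };
  }
  if (declared > maxBytes) {
    return { ok: false, status: 413, reason: 'declared size exceeds limit' };
  }
  return { ok: true, reason: 'declared size within limit' };
}

// Layer 2: consume the body chunk by chunk and abort the moment the cap is crossed,
// so an oversized body is never buffered in full. Accepts any (async) iterable of
// Buffers, e.g. a Node.js Readable request stream.
async function readAvatarBody(body, maxBytes = MAX_AVATAR_BYTES) {
  const chunks = [];
  let received = 0;
  for await (const chunk of body) {
    received += chunk.length;
    if (received > maxBytes) {
      if (typeof body.destroy === 'function') body.destroy(); // stop reading the socket
      return { ok: false, status: 413, received };
    }
    chunks.push(chunk);
  }
  return { ok: true, body: Buffer.concat(chunks), received };
}

// Constructed sample client: streams totalBytes of zeros in fixed-size chunks.
async function* chunkedUpload(totalBytes, chunkSize) {
  for (let sent = 0; sent < totalBytes; sent += chunkSize) {
    yield Buffer.alloc(Math.min(chunkSize, totalBytes - sent));
  }
}

// A 3 MB upload whose header claims only 1 KB: the preflight passes, the stream guard rejects.
async function demo() {
  const pre = preflightAvatarUpload({ 'content-length': '1024' });
  const result = await readAvatarBody(chunkedUpload(3 * 1024 * 1024, 64 * 1024));
  return { pre, result };
}

demo().then((r) => console.log(r.pre.ok, r.result.ok, r.result.status, r.result.received));
```

The streaming check is the one that matters: the header check alone only stops honest clients, and reading stops at the first chunk that pushes the total past the cap rather than after the whole body has arrived.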

Weakness Enumeration: Resource Exhaustion

Related Identifiers: CVE-2022-4111, GHSA-HGP8-W8FJ-R4CM

Affected Products: Tooljet