CVE-2023-30188

Name of the Vulnerable Software and Affected Versions ONLYOFFICE Document Server versions 4.0.3 through 7.3.2

Description The issue is related to a Memory Exhaustion vulnerability in the JavaScript File Handler component of ONLYOFFICE Document Server. This vulnerability allows remote attackers to cause a denial of service via a crafted JavaScript file. The exploitation of this vulnerability is associated with incorrect cleanup or release of resources.

Recommendations For versions 4.0.3 through 7.3.2, consider disabling the JavaScript File Handler component as a temporary workaround to minimize the risk of exploitation until a patch is available. Restrict access to crafted JavaScript files to prevent remote attackers from causing a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.