CVE-2024-9953

Name of the Vulnerable Software and Affected Versions CERT VINCE versions prior to 3.0.8

Description A potential denial-of-service (DoS) issue exists due to the ability of an authenticated administrative user to inject an arbitrary pickle object into a user’s profile. This action may lead to a DoS condition when the profile is accessed. Although the Django server has restrictions in place to prevent server crashes by limiting unpickling, this issue could still cause operational disruptions.

Recommendations For versions prior to 3.0.8, update to version 3.0.8 or later to resolve the issue. As a temporary workaround, consider restricting administrative access to prevent the injection of arbitrary pickle objects into user profiles.