PT-2024-9874 · Pwndoc · Pwndoc

1Ncendium · Published 2024-12-10 · Updated 2024-12-11 · CVE-2024-55653

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: PwnDoc versions up to and including 0.5.3
Description: Insufficient input validation in the audits interface of PwnDoc allows an authenticated user to crash the backend by raising an UnhandledPromiseRejection. Knowing a valid audit ID is not required, because providing a bad audit ID also raises the rejection. As a result, the whole application becomes unusable for all users.
Recommendations: For versions up to and including 0.5.3, as a temporary workaround, consider disabling the audits interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2024-11652
CVE-2024-55653
GHSA-GGQG-3F7V-C8RC

Affected Products

Pwndoc