1 results (0.010 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-30141
https://notcve.org/view.php?id=CVE-2021-30141
05 Apr 2021 — Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users. ** EN DISPUTA ** El archivo Module/Settings/UserExport.php en Friendica versiones hasta 2021.01, permite que settings/userexport sea usado por... • https://github.com/friendica/friendica/issues/10110 • CWE-401: Missing Release of Memory after Effective Lifetime •