JoeyBling Bootplus Resource Consumption Vulnerability in QrCodeController Allowing Denial-of-Service

Vulnerability

A resource consumption vulnerability has been identified in JoeyBling Bootplus versions through commit 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. The issue arises in the qrCode method of the QrCodeController.java file, where the width and height parameters are not properly restricted. This lack of validation can lead to excessive resource usage, causing a denial-of-service condition. The vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability leads to excessive resource consumption, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a request to the application's qrcode endpoint with excessively large width and height parameters. This can be done using a tool like curl or Postman, or through a web browser by entering the URL with the specified parameters. The application will become unresponsive or slow down significantly, indicating a successful denial-of-service attack.
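The missing bound, with the check placed where it belongs, as an added example written in the style of a Spring MVC controller; this is not Bootplus's own code, and the ZXing calls, the `text` parameter, the numeric limits and the `javax.servlet` import are assumptions:

```java
// Added example (not Bootplus code): bound the dimensions a QR endpoint will render
// before any image buffer is allocated. Assumes Spring MVC, ZXing and javax.servlet.
import com.google.zxing.BarcodeFormat;
import com.google.zxing.WriterException;
import com.google.zxing.client.j2se.MatrixToImageWriter;
import com.google.zxing.common.BitMatrix;
import com.google.zxing.qrcode.QRCodeWriter;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@RestController
public class SafeQrCodeController {
    // Assumed limits: a QR code never needs more than this per side.
    private static final int MIN_SIDE = 50;
    private static final int MAX_SIDE = 1024;
    // Cap on total pixels so that width * height stays within a sane buffer size.
    private static final long MAX_PIXELS = 1_000_000L;

    /** Rejects dimensions that would make the renderer allocate an oversized image. */
    static void checkDimensions(int width, int height) {
        if (width < MIN_SIDE || width > MAX_SIDE || height < MIN_SIDE || height > MAX_SIDE) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST,
                    "width and height must be between " + MIN_SIDE + " and " + MAX_SIDE);
        }
        // Multiply as long: two validated ints could still overflow an int product.
        if ((long) width * (long) height > MAX_PIXELS) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "image too large");
        }
    }

    @GetMapping("/qrcode")
    public void qrCode(@RequestParam("text") String text,
                       @RequestParam(value = "width", defaultValue = "200") int width,
                       @RequestParam(value = "height", defaultValue = "200") int height,
                       HttpServletResponse response) throws IOException, WriterException {
        checkDimensions(width, height); // validate first; nothing is allocated on rejection
        BitMatrix matrix = new QRCodeWriter().encode(text, BarcodeFormat.QR_CODE, width, height);
        response.setContentType("image/png");
        MatrixToImageWriter.writeToStream(matrix, "PNG", response.getOutputStream());
    }
}
```

Rejected requests return 400 before ZXing or the image writer runs, which is the property worth testing when a fix for this issue is applied: oversized width/height must fail fast rather than being rendered.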

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  8.7
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.