CVE-2024-48938
7.5
HIGH
CVSS 3.1
EPSS 0.70%
Description
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDoS via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.
How to fix CVE-2024-48938
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/znuny—no fix listed
Is CVE-2024-48938 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |