CVE-2024-55963
6.5
MEDIUM
CVSS 3.1
EPSS 37.2%
Description
An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks, which should check for super user permissions on the incoming request.
How to fix CVE-2024-55963
To remediate CVE-2024-55963, upgrade the affected package to a fixed version below.
- —upgrade to 1.51.0 or later
Is CVE-2024-55963 being exploited?
Moderate — EPSS is 37.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.51.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |